Red Hat Bugzilla – Bug 815661
CVE-2012-2131 openssl: incomplete fix of CVE-2012-2110 for 0.9.x
Last modified: 2012-04-24 11:43:42 EDT
It was discovered that the upstream fix for OpenSSL issue CVE-2012-2110 (see bug #814185) did not completely address the issue for OpenSSL versions 0.9.x. This incomplete fix problem did not affect versions 1.0.0 and 1.0.1, and was corrected in the 0.9.8 branch in version 0.9.8w.
Upstream commit and announcement of the 0.9.8w release:
As there were no Red Hat Enterprise Linux or Fedora updates released with an incomplete fix, they are not affected by this CVE.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as there were no updates released with an incomplete CVE-2012-2110 fix.