Red Hat Bugzilla – Bug 321191
CVE-2007-4995 openssl dtls out of order vulnerabilitiy
Last modified: 2008-01-16 12:45:58 EST
The OpenSSL team reported a flaw in OpenSSL DTLS support (introduced in OpenSSL
0.9.8) that could potentially lead to arbitrary code execution.
This will only affect OpenSSL with Red Hat Enterprise Linux 5, not earlier
versions. We don't ship any client or server that uses DTLS by default.
We need to investigate the technical nature of the flaw to determine if the flaw
is captured by the various technologies in OpenSSL.
Currently embargoed, public date not yet set.
Created attachment 218291 [details]
Created attachment 218311 [details]
now public, removing embargo
This issue was addressed in:
Red Hat Enterprise Linux: