From the upstream advisory [1]: Invalid Return value check in pkey_rsa_verifyrecover ==================================================== When verification recovery fails for RSA keys an uninitialised buffer with an undefined length is returned instead of an error code (CVE-2010-1633). This bug is only present in OpenSSL 1.0.0 and only affects applications that call the function EVP_PKEY_verify_recover(). As this function is not present in previous versions of OpenSSL and not used by OpenSSL internal code very few applications should be affected. The OpenSSL utility application "pkeyutl" does use this function. Affected users should update to 1.0.0a which contains a patch to correct this bug. Thanks to Peter-Michael Hager for reporting this issue. [1] http://www.openssl.org/news/secadv_20100601.txt
Statement: Not vulnerable. These issues did not affect the versions of OpenSSL as shipped with Red Hat Enterprise Linux 3, 4, or 5.
Created openssl tracking bugs for this issue Affects: fedora-12 [bug 598736] Affects: fedora-13 [bug 598737]
Upstream commit that corrects this issue: http://cvs.openssl.org/chngview?cn=19693
(In reply to comment #4) > Upstream commit that corrects this issue: > http://cvs.openssl.org/chngview?cn=19693 Relevant part is crypto/rsa/rsa_pmeth.c change: http://cvs.openssl.org/filediff?f=openssl/crypto/rsa/rsa_pmeth.c&v1=1.34&v2=1.34.2.1
openssl-1.0.0a-1.fc13 has been submitted as an update for Fedora 13. http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc13
openssl-1.0.0a-1.fc12 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/openssl-1.0.0a-1.fc12
openssl-1.0.0a-1.fc13 has been pushed to the Fedora 13 stable repository. If problems still persist, please make note of it in this bug report.
openssl-1.0.0a-1.fc12 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.