Invalid GOST parameters DoS Attack (CVE-2012-0027)
A malicious TLS client can send an invalid set of GOST parameters
which will cause the server to crash due to lack of error checking.
This could be used in a denial-of-service attack.
Only users of the OpenSSL GOST ENGINE are affected by this bug.
Thanks to Andrey Kulikov <firstname.lastname@example.org> for identifying and fixing
Affected users should upgrade to OpenSSL 1.0.0f.
Seems to be the fix here:
GOST Engine is not being compiled on Fedora and RHEL due to requirement of EC crypto.
Additionally, openssl versions in Red Hat Enterprise Linux 5 and earlier do not include GOST at all.
Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5 and 6, as they did not include GOST engine support.
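
A triage check for the two conditions stated above (GOST engine present, OpenSSL older than 1.0.0f), as an added example that is not part of the original advisory or comments. The function names and sample strings are constructed; it assumes upstream version numbering, with 1.0.0 through 1.0.0e as the releases before the fix, which distribution builds with backported patches may not follow.

```shell
#!/bin/sh
# Added example: triage for CVE-2012-0027. Function names are hypothetical.

# Succeeds if an `openssl version` line names an upstream 1.0.0 release
# older than 1.0.0f (assumption: upstream numbering, no backported fix).
version_predates_fix() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}')
    ver=${ver%%-*}                 # drop suffixes such as "-fips"
    case "$ver" in
        1.0.0|1.0.0[a-e]) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeeds if `openssl engine` output lists the GOST engine.
has_gost_engine() {
    printf '%s\n' "$1" | grep -q '^(gost)'
}

# Prints one verdict token:
#   not-affected  GOST engine absent, so the bug is unreachable
#   upgrade       GOST engine present on a release before 1.0.0f
#   check-build   GOST engine present, version outside 1.0.0..1.0.0e
triage() {
    if ! has_gost_engine "$2"; then
        echo not-affected
    elif version_predates_fix "$1"; then
        echo upgrade
    else
        echo check-build
    fi
}

# Constructed sample inputs (not captured from a real host).
triage 'OpenSSL 1.0.0e 6 Sep 2011' '(gost) Reference implementation of GOST engine'
triage 'OpenSSL 1.0.0e-fips 6 Sep 2011' '(dynamic) Dynamic engine loading support'

# Live check when an openssl binary is on PATH.
if command -v openssl >/dev/null 2>&1; then
    triage "$(openssl version)" "$(openssl engine -t gost 2>/dev/null || true)"
fi
```

A `check-build` verdict on a distribution package means the vendor's changelog, not the version string, decides whether the fix is present.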