Type      :  Security Update

Severity :   High

Affected Channels:  Asianux Server 3 for x86 / x86_64 for Red Flag

CVEs    :  2012-2333

Description : 

The OpenSSL toolkit provides support for secure communications between machi    nes. OpenSSL includes a certificate management tool and shared libraries whi    ch provide various cryptographic algorithms and protocols.

Security issues fixed with this release:

CVE-2012-2333

Integer underflow in OpenSSL before 0.9.8x, 1.0.0 before 1.0.0j, and 1.0.1 b    efore 1.0.1c, when TLS 1.1, TLS 1.2, or DTLS is used with CBC encryption, al    lows remote attackers to cause a denial of service (buffer over-read) or pos    sibly have unspecified other impact via a crafted TLS packet that is not pro    perly handled during a certain explicit IV calculation. 

Solution : Update packages.

For example

1、tar  zxvf  openssl-0.9.8e-22.AXS3.4.i386.tar.gz

2、cd  x86

3、rpm  -Uvh   *.rpm

Download :

x86          x86-64