----- Original Message ----- > > From: "Shruti Palshikar" <shr...@buysidefx.com> > To: openssl-dev@openssl.org > Sent: Thursday, 24 April, 2014 3:33:50 PM > Subject: Re: Upgrading OpenSSL on RHEL5 > > I was referring to the TLS/SSL renegotiation vulnerability. Do you know if > the 0.98e version has the fix?
Yes, CVE-2009-3555 is fixed in the openssl package as shipped in RHEL-5: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-3555#c105 -- Regards, Hubert Kario BaseOS QE Security team Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List openssl-dev@openssl.org Automated List Manager majord...@openssl.org