PT-2012-1078 · Openssl+4 · Openssl+4
Published: 2012-01-04 · Updated: 2024-06-15
CVE-2011-4577
CVSS v2.0: 7.6 (High)
Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenSSL versions prior to 1.0.0f
OpenSSL versions prior to 0.9.8s
OpenSSL version 1.0.0
openssl-devel version 1.0.0
openssl-debuginfo version 1.0.0
openssl-static version 1.0.0
Description
The vulnerabilities affect the confidentiality, integrity, and availability of protected information and can be exploited remotely. They are related to the handling of X.509 certificates containing certificate-extension data associated with IP address blocks or Autonomous System (AS) identifiers when RFC 3779 support is enabled.
Recommendations
For OpenSSL versions prior to 1.0.0f, update to version 1.0.0f or later.
For OpenSSL versions prior to 0.9.8s, update to version 0.9.8s or later.
For openssl-devel version 1.0.0, update to a version that is not affected by the vulnerability.
For openssl-debuginfo version 1.0.0, update to a version that is not affected by the vulnerability.
For openssl-static version 1.0.0, update to a version that is not affected by the vulnerability.
As a temporary workaround, consider disabling RFC 3779 support until a patch is available.
Fix
DoS
Related identifiers
Affected products
CentOS
HP-UX
OpenSSL
Red Hat
SUSE