In the case of OpenSSL 1.0.2, the first problem child is "ClientHello sigalgs DoS (CVE-2015-0291)." With this bug a client, while looking as if it were trying to negotiate a Transport Layer Security (TLS) or Secure Sockets Layer (SSL) connection, can actually provoke a NULL pointer result. As anyone who's ever done much programming can guess, that NULL pointer can, in turn, be used to knock the target program off the server. At least one researcher, David Ramos, has reported that, "I have [a] working exploit for upcoming CVE-2015-0291 1.0.2 server DoS.
Bob creates a private key and certificate signing request (CSR). Bob installs the certificate in his web browser and is now able to access Alice’s kitten pictures. Alice finds out and needs to revoke his access immediately.
The other serious bug, "RSA silently downgrades to EXPORT_RSA [Client] (CVE-2015-0204)," is just as ugly and more insidious.
* Starting Apache httpd web server apache2 * * The apache2 configtest failed.
As an example for CentOS 6, RHEL6 and CloudLinux 6, this can be done using the commands: It is highly recommended that you change passwords for administrative staff after the update is finished.
We encourage all customers to revoke and reissue SSL certificates.