A NULL pointer dereference flaw was found in the way OpenSSL parsed Secure/Multipurpose Internet Mail Extensions (S/MIME) messages. An attacker could use this flaw to crash an application that uses OpenSSL to decrypt or verify S/MIME messages. This update also fixes a regression caused by the fix for CVE-2011-4619, released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated Cryptography (SGC) handshakes to fail.

Update your systems ASAP, via yum update.

Redhat ERRATA

Mine looks to have taken care of itself overnight in CentOS 5

Code:
Mar 29 02:06:34 Updated: openssl-0.9.8e-22.el5_8.1.i686
Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386

Yes it is, and just looking at the yum logs has been there since at least 2009

Code:
sudo grep -i ssl-devel yum*
yum.log:Jan 25 21:06:42 Updated: openssl-devel-0.9.8e-20.el5_7.1.i386
yum.log:Feb 07 21:06:26 Updated: openssl-devel-0.9.8e-20.el5_7.1.0.1.centos.i386
yum.log:Mar 12 22:14:28 Updated: openssl-devel-0.9.8e-22.el5.i386
yum.log:Mar 29 02:06:38 Updated: openssl-devel-0.9.8e-22.el5_8.1.i386
yum.log.2:Sep 14 21:08:46 Updated: openssl-devel-0.9.8e-20.el5.i386
yum.log.3:Jan 21 21:07:04 Updated: openssl-devel-0.9.8e-12.el5_4.1.i386
yum.log.3:Mar 28 21:06:32 Updated: openssl-devel-0.9.8e-12.el5_4.6.i386
yum.log.3:Dec 14 21:06:35 Updated: openssl-devel-0.9.8e-12.el5_5.7.i386
yum.log.4:Sep 16 00:35:22 Updated: openssl-devel-0.9.8e-12.el5.i386

Code:
ls -al yum*
-rw------- 1 root root 10262 Mar 29 02:06 yum.log
-rw------- 1 root root   173 Dec 28 21:06 yum.log.1
-rw------- 1 root root 19382 Dec 12 21:06 yum.log.2
-rw------- 1 root root 26038 Dec 27  2010 yum.log.3
-rw------- 1 root root 14308 Dec 19  2009 yum.log.4