rPath Security Advisory: 2006-0163-1 Published: 2006-09-05 Products: rPath Linux 1 Rating: Major Exposure Level Classification: Remote Deterministic Unauthorized Access Updated Versions: openssl=/conary.rpath.com@rpl:devel//1/0.9.7f-10.3-1 openssl-scripts=/conary.rpath.com@rpl:devel//1/0.9.7f-10.3-1 References: http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339 https://issues.rpath.com/browse/RPL-616 http://www.openssl.org/news/secadv_20060905.txt http://www.imc.org/ietf-openpgp/mail-archive/msg14307.html Description: Previous versions of the openssl package are vulnerable to a remote unauthorized access attack when RSA keys with exponent 3 are used for authentication. While this version of the openssl package resolves that vulnerability, it is generally recommended not to use RSA keys with exponent 3 for authentication because multiple implementations contain this vulnerability. RSA keys with exponent 3 are not in common use.