Description
A flaw was found in the PKCS#7 and Cryptographic Message Syntax (CMS)
implementations in OpenSSL. An attacker could possibly use this flaw to
perform a Bleichenbacher attack to decrypt an encrypted CMS, PKCS#7, or
S/MIME message by sending a large number of chosen ciphertext messages to
a service using OpenSSL and measuring error response times. (CVE-2012-0884)
This update also fixes a regression caused by the fix for CVE-2011-4619,
released via RHSA-2012:0060 and RHSA-2012:0059, which caused Server Gated
Cryptography (SGC) handshakes to fail.