Two security vulnerabilities in the OpenSSL product (see openssl(5)) shipped with Solaris 10 may affect applications which make use of this product. Depending on the individual application, the first issue may allow a local or remote unprivileged user to execute arbitrary code with the privileges of the user running the application.
The second issue may allow a remote user who controls a server to which an application connects to crash that application, causing a Denial of Service (DoS) condition.
These issues are also referenced in the following documents:
CVE-2006-3738 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
CVE-2006-4343 at http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
Sun wishes to acknowledge, with thanks, Tavis Ormandy and Will Drewry (Google Security Team) for bringing these issues to our attention.