Back to bug 1301845
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-01-26 07:26:44 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-01-26 07:26:44 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-01-26 07:34:51 UTC | Blocks | 1301847 | |
| Tomas Hoger | 2016-01-26 12:02:07 UTC | CC | tmraz | |
| Huzaifa S. Sidhpurwala | 2016-01-28 08:49:26 UTC | Whiteboard | impact=moderate,public=no,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-6/openssl=notaffected,rhel-7/openssl=notaffected,fedora-all/openssl=notaffected | impact=moderate,public=no,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected |
| Huzaifa S. Sidhpurwala | 2016-01-28 09:15:23 UTC | Doc Text | It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42 style parameter files. An attacker who could force the peer to do multiple handshakes using hte same private DH component, could use this flaw to conduct MITM attack on the SSl/TLS connection. | |
| Martin Prpič | 2016-01-28 10:01:34 UTC | Doc Text | It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42 style parameter files. An attacker who could force the peer to do multiple handshakes using hte same private DH component, could use this flaw to conduct MITM attack on the SSl/TLS connection. | It was found that OpenSSL used weak Diffie-Hellman parameters based on unsafe primes, which were generated and stored in X9.42-style parameter files. An attacker who could force the peer to perform multiple handshakes using the same private DH component could use this flaw to conduct man-in-the-middle attacks on the SSL/TLS connection. |
| Martin Prpič | 2016-01-28 15:06:08 UTC | Whiteboard | impact=moderate,public=no,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected | impact=moderate,public=20160128,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected |
| Martin Prpič | 2016-01-28 15:06:10 UTC | Summary | EMBARGOED CVE-2016-0701 OpenSSL: DH small subgroups | CVE-2016-0701 OpenSSL: DH small subgroups |
| Martin Prpič | 2016-01-28 15:06:14 UTC | Group | security, qe_staff | |
| Martin Prpič | 2016-01-28 15:12:22 UTC | Whiteboard | impact=moderate,public=20160128,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected | impact=moderate,public=20160128,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected,epel-5/openssl101e=notaffected |
| Martin Prpič | 2016-01-28 15:12:27 UTC | CC | redhat-bugzilla | |
| Huzaifa S. Sidhpurwala | 2016-01-29 02:48:53 UTC | Status | NEW | CLOSED |
| Resolution | --- | NOTABUG | ||
| Last Closed | 2016-01-28 21:48:53 UTC | |||
| Jay Shin | 2016-02-05 01:07:14 UTC | CC | jaeshin | |
| Link ID | Red Hat Knowledge Base (Solution) 2145861 | |||
| Product Security DevOps Team | 2019-09-29 13:43:28 UTC | Whiteboard | impact=moderate,public=20160128,reported=20160126,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=notaffected,rhel-5/openssl097a=notaffected,rhel-6/openssl=notaffected,rhel-6/openssl098e=notaffected,rhel-7/openssl=notaffected,rhel-7/openssl098e=notaffected,eap-6/openssl=notaffected,jbews-1/openssl=notaffected,jbews-2/openssl=notaffected,jbews-3/openssl=notaffected,fedora-all/openssl=notaffected,fedora-all/mingw-openssl=notaffected,epel-5/openssl101e=notaffected |
Back to bug 1301845