Back to bug 1310593
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Huzaifa S. Sidhpurwala | 2016-02-22 10:24:03 UTC | CC | security-response-team | |
| Red Hat Bugzilla | 2016-02-22 10:24:03 UTC | Doc Type | --- | Bug Fix |
| Huzaifa S. Sidhpurwala | 2016-02-22 10:26:39 UTC | Blocks | 1301847 | |
| Adam Mariš | 2016-02-22 17:30:20 UTC | CC | amaris | |
| Chris Robinson | 2016-02-22 19:46:20 UTC | CC | crrobins | |
| Huzaifa S. Sidhpurwala | 2016-02-23 11:45:20 UTC | Whiteboard | impact=moderate,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected | impact=moderate,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor/openssl=affected |
| Huzaifa S. Sidhpurwala | 2016-02-23 11:53:44 UTC | Priority | medium | high |
| Whiteboard | impact=moderate,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor/openssl=affected | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor/openssl=affected | ||
| Severity | medium | high | ||
| Huzaifa S. Sidhpurwala | 2016-02-23 11:55:26 UTC | Whiteboard | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor/openssl=affected | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected |
| Petr Matousek | 2016-02-23 12:08:03 UTC | Depends On | 1311103 | |
| Petr Matousek | 2016-02-23 12:08:14 UTC | Depends On | 1311104 | |
| Huzaifa S. Sidhpurwala | 2016-02-23 12:10:41 UTC | Whiteboard | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected |
| Huzaifa S. Sidhpurwala | 2016-02-23 12:11:28 UTC | Whiteboard | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-7.1.z/openssl=affected |
| Petr Matousek | 2016-02-23 12:29:30 UTC | CC | fdeutsch, pmatouse | |
| Tomas Hoger | 2016-02-23 12:33:39 UTC | Whiteboard | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-5/openssl=affected,rhel-6/openssl=affected,rhel-7/openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,fedora-all/openssl=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-7.1.z/openssl=affected | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected |
| Fabian Deutsch | 2016-02-23 13:17:35 UTC | CC | dfediuck | |
| Fabian Deutsch | 2016-02-23 13:32:53 UTC | CC | pkliczew | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:43:38 UTC | Depends On | 1311478 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:43:47 UTC | Depends On | 1311479 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:43:57 UTC | Depends On | 1311480 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:44:05 UTC | Depends On | 1311481 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:44:16 UTC | Depends On | 1311482 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:44:23 UTC | Depends On | 1311483 | |
| Huzaifa S. Sidhpurwala | 2016-02-24 10:44:33 UTC | Depends On | 1311484 | |
| Huzaifa S. Sidhpurwala | 2016-02-25 09:00:28 UTC | Depends On | 1311867 | |
| Tomas Hoger | 2016-02-25 20:30:11 UTC | Summary | EMBARGOED CVE-2016-0800 OpenSSL: Cross-protocol attack on TLS using SSLv2 (DROWN) | EMBARGOED CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) |
| Whiteboard | impact=important,public=no,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected | ||
| Huzaifa S. Sidhpurwala | 2016-02-26 05:36:13 UTC | Doc Text | A cross-protocol attack was discovered that could lead to decryption of TLS sessions, by using a server which supports SSLv2. A man-in-the-middle attacker could use this flaw to decrypt TLS traffic between a TLS server and client | |
| Huzaifa S. Sidhpurwala | 2016-02-26 07:45:16 UTC | Depends On | 1301848 | |
| Huzaifa S. Sidhpurwala | 2016-02-26 07:50:31 UTC | Depends On | 1301849 | |
| Huzaifa S. Sidhpurwala | 2016-02-26 07:51:07 UTC | Depends On | 1301851 | |
| Timothy Walsh | 2016-02-26 08:33:28 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/httpd=affected,jbews-3/httpd=affected |
| Timothy Walsh | 2016-02-26 08:33:41 UTC | CC | csutherl, dknox, jclere, jdoyle, lgao, mbabacek, myarboro, pslavice, rsvoboda, twalsh, weli | |
| Timothy Walsh | 2016-02-26 08:36:47 UTC | Depends On | 1312239 | |
| Timothy Walsh | 2016-02-26 08:36:56 UTC | Depends On | 1312240 | |
| Timothy Walsh | 2016-02-26 08:52:13 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/httpd=affected,jbews-3/httpd=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected |
| Tomas Hoger | 2016-02-26 15:59:18 UTC | Fixed In Version | openssl 1.0.1s, openssl 1.0.2g | |
| Alias | DROWN | |||
| Huzaifa S. Sidhpurwala | 2016-02-29 07:00:39 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=new,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=new,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected |
| Tomas Hoger | 2016-02-29 09:04:16 UTC | Doc Text | A cross-protocol attack was discovered that could lead to decryption of TLS sessions, by using a server which supports SSLv2. A man-in-the-middle attacker could use this flaw to decrypt TLS traffic between a TLS server and client | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can use this flaw to decrypt RSA encrypted cipher text, possibly from connection using newer SSL/TLS protocol version, and decrypt such connections. |
| Timothy Walsh | 2016-02-29 13:05:55 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected |
| Timothy Walsh | 2016-02-29 13:06:05 UTC | CC | bbaranow, bmaxwell, cdewolf, dandread, darran.lofthouse, fnasser, huwang, jason.greene, jawilson, pgier, psakar, rnetuka, vtunka | |
| Timothy Walsh | 2016-02-29 13:10:29 UTC | Depends On | 1312891 | |
| Timothy Walsh | 2016-02-29 13:10:46 UTC | Depends On | 1312892 | |
| Martin Prpič | 2016-02-29 13:19:37 UTC | Doc Text | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can use this flaw to decrypt RSA encrypted cipher text, possibly from connection using newer SSL/TLS protocol version, and decrypt such connections. | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. |
| Tomas Hoger | 2016-02-29 13:31:58 UTC | Attachment #1129416 Attachment description | Upstream patch | OpenSSL upstream patch |
| Tomas Hoger | 2016-02-29 13:58:29 UTC | Comment 9 is private | 1 | 0 |
| Martin Prpič | 2016-02-29 14:28:14 UTC | Doc Text | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. | A padding oracle flaw referred to as DROWN was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. |
| Martin Prpič | 2016-02-29 14:36:34 UTC | Doc Text | A padding oracle flaw referred to as DROWN was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. |
| Chris Robinson | 2016-02-29 19:55:33 UTC | CC | sherold | |
| Tomas Hoger | 2016-03-01 12:57:05 UTC | Attachment #1129416 Attachment is private | 0 | 1 |
| Martin Prpič | 2016-03-01 13:03:41 UTC | Summary | EMBARGOED CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) | CVE-2016-0800 SSL/TLS: Cross-protocol attack on TLS using SSLv2 (DROWN) |
| Martin Prpič | 2016-03-01 13:03:53 UTC | Group | security, qe_staff | |
| Tomas Hoger | 2016-03-01 14:09:43 UTC | Comment 1 is private | 1 | 0 |
| Comment 7 is private | 1 | 0 | ||
| Comment 9 is private | 1 | 0 | ||
| Tomas Hoger | 2016-03-01 14:11:11 UTC | Attachment #1129416 Attachment is private | 1 | 0 |
| Martin Prpič | 2016-03-01 14:12:00 UTC | Comment 3 is private | 1 | 0 |
| Paul Dwyer | 2016-03-01 15:02:02 UTC | CC | pdwyer | |
| Norman Sardella | 2016-03-01 15:07:03 UTC | CC | sardella | |
| Adam Mariš | 2016-03-01 16:09:10 UTC | Depends On | 1313378 | |
| Adam Mariš | 2016-03-01 16:09:19 UTC | Depends On | 1313366 | |
| Kurt Seifried | 2016-03-02 01:07:51 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected |
| Kurt Seifried | 2016-03-02 01:08:05 UTC | CC | jgregusk | |
| Kurt Seifried | 2016-03-02 01:15:28 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected |
| Kurt Seifried | 2016-03-02 01:26:42 UTC | Depends On | 1313595 | |
| Kurt Seifried | 2016-03-02 01:28:24 UTC | Depends On | 1313598 | |
| Timothy Walsh | 2016-03-02 04:54:14 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=new,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected |
| Timothy Walsh | 2016-03-02 04:55:37 UTC | Depends On | 1313619 | |
| Huzaifa S. Sidhpurwala | 2016-03-02 05:10:15 UTC | Depends On | 1301850 | |
| Huzaifa S. Sidhpurwala | 2016-03-02 05:10:22 UTC | Depends On | 1301852 | |
| Slawomir Czarko | 2016-03-02 07:41:02 UTC | CC | slawomir | |
| Robert Scheck | 2016-03-02 08:42:10 UTC | CC | redhat-bugzilla | |
| Huzaifa S. Sidhpurwala | 2016-03-02 10:01:53 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=affected,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected |
| Jason Shepherd | 2016-03-02 22:44:20 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3/Core Server=new |
| Jason Shepherd | 2016-03-02 22:44:35 UTC | CC | asantos, jshepherd, miburman, spinder, theute | |
| Jason Shepherd | 2016-03-02 22:45:39 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3/Core Server=new | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=new |
| Jason Shepherd | 2016-03-02 22:46:55 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=new | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected |
| Jason Shepherd | 2016-03-02 22:47:55 UTC | Depends On | 1314097 | |
| Pacho Ramos | 2016-03-03 11:08:03 UTC | CC | pachoramos1 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 10:34:39 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=wontfix,rhel-7/openssl098e=wontfix,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected |
| Huzaifa S. Sidhpurwala | 2016-03-04 10:35:35 UTC | Depends On | 1314718 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 10:35:41 UTC | Depends On | 1314719 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 10:35:48 UTC | Depends On | 1314720 | |
| Huzaifa S. Sidhpurwala | 2016-03-04 10:35:53 UTC | Depends On | 1314721 | |
| Darren Lawrence | 2016-03-04 21:48:45 UTC | CC | dlawrenc | |
| Radim Hatlapatka | 2016-03-11 08:43:47 UTC | CC | rhatlapa | |
| Summer Long | 2016-03-14 04:27:28 UTC | CC | slong | |
| Doc Text | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker can potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. | A padding oracle flaw was found in the Secure Sockets Layer version 2.0 (SSLv2) protocol. An attacker could potentially use this flaw to decrypt RSA-encrypted cipher text from a connection using a newer SSL/TLS protocol version, allowing them to decrypt such connections. This cross-protocol attack is publicly referred to as DROWN. | ||
| Chess Hazlett | 2016-03-14 20:10:32 UTC | CC | chazlett | |
| Timothy Walsh | 2016-09-16 02:37:41 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=affected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected |
| Adam Mariš | 2016-11-08 15:51:27 UTC | CC | amaris | |
| Vincent Danen | 2017-05-25 19:43:20 UTC | Status | NEW | CLOSED |
| Resolution | --- | ERRATA | ||
| Last Closed | 2017-05-25 15:43:20 UTC | |||
| Product Security DevOps Team | 2019-09-29 13:44:17 UTC | Whiteboard | impact=important,public=20160301,reported=20160222,source=upstream,cvss2=5.8/AV:N/AC:M/Au:N/C:P/I:P/A:N,rhel-4/openssl=affected,rhel-5.6.z/openssl=affected,rhel-5.9.z/openssl=affected,rhel-5/openssl=affected,rhel-6.2.z/openssl=affected,rhel-6.4.z/openssl=affected,rhel-6.5.z/openssl=affected,rhel-6.6.z/openssl=affected,rhel-6/openssl=affected,rhel-7.1.z/openssl=affected,rhel-7/openssl=affected,fedora-all/openssl=affected,fedora-all/mingw-openssl=affected,rhel-5/openssl097a=wontfix,rhel-6/openssl098e=affected,rhel-7/openssl098e=affected,epel-5/openssl101e=affected,rhel-5/nss=notaffected,rhel-6/nss=notaffected,rhel-7/nss=notaffected,fedora-all/nss=notaffected,rhev-m-3/rhev-hypervisor=affected,jbews-2/openssl=affected,jbews-3/openssl=affected,eap-5/openssl=notaffected,eap-6/openssl=affected,rhel-7.2.z/rhel-guest-image=affected,rhel-6.7.z/guest-images=affected,jon-3.3.0/Core Server=wontfix,jon-3.3.x/Core Server=affected |
Back to bug 1310593