Back to bug 2181082
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-03-23 05:13:12 UTC | CC | berrange, bootloader-eng-team, csutherl, ddepaula, jclere, jferlan, kraxel, mmadzin, mturk, pbonzini, peholase, pjindal, plodge, rh-spice-bugs, szappis, virt-maint | |
| Sandipan Roy | 2023-03-23 05:13:29 UTC | Blocks | 2180963 | |
| TEJ RATHI | 2023-03-23 05:18:17 UTC | CC | acrosby, adudiak, aoconnor, bdettelb, caswilli, dffrench, dfreiber, dhalasz, dkuc, drieden, fjansen, gzaronik, hbraun, hkataria, ikanias, jary, jburrell, jkoehler, jmitchel, jtanner, jwong, kaycoth, kshier, micjohns, ngough, nweather, psegedy, rgodfrey, rogbas, rravi, stcannon, sthirugn, tfister, tohughes, tsasak, vkrizan, vkumar, vmugicag, yguenane | |
| Sandipan Roy | 2023-03-23 05:22:11 UTC | CC | aileenc, alampare, alazarot, anstephe, avibelli, bgeorges, boliveir, chazlett, clement.escoffier, dandread, dhanak, dkreling, drichtar, emingora, gjospin, gmalinko, gsmet, hamadhan, ibek, janstey, jmartisk, jpavlik, jrokos, kverlaen, lbacciot, lthon, max.andersen, mnovotny, pdelbell, pdrozd, pgallagh, probinso, pskopek, rguimara, rjohnson, rowaters, rrajasek, rruss, rsvoboda, sbiarozk, sdouglas, sthorger | |
| Sandipan Roy | 2023-03-23 05:28:22 UTC | Depends On | 2181085, 2181087, 2181089, 2181088, 2181090, 2181084, 2181086 | |
| Sandipan Roy | 2023-03-23 05:37:45 UTC | Depends On | 2181095, 2181098, 2181099, 2181096, 2181094, 2181097, 2181093 | |
| Sandipan Roy | 2023-03-23 05:39:15 UTC | Depends On | 2181100, 2181103, 2181104, 2181105, 2181101, 2181102 | |
| Sandipan Roy | 2023-03-23 06:06:42 UTC | Doc Text | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. | |
| Sandipan Roy | 2023-03-23 06:10:45 UTC | Fixed In Version | openssl 3.1.1, openssl 3.0.9, openssl 1.1.1u | |
| Sandipan Roy | 2023-03-23 09:18:11 UTC | Severity | medium | low |
| Priority | medium | low | ||
| Sandipan Roy | 2023-03-23 09:21:20 UTC | CC | aileenc, alampare, alazarot, anstephe, avibelli, bgeorges, boliveir, chazlett, clement.escoffier, dandread, dhanak, dkreling, drichtar, emingora, gjospin, gmalinko, gsmet, hamadhan, ibek, janstey, jmartisk, jpavlik, jrokos, kverlaen, lbacciot, lthon, max.andersen, mnovotny, pdelbell, pdrozd, pgallagh, probinso, pskopek, rguimara, rjohnson, rowaters, rrajasek, rruss, rsvoboda, sbiarozk, sdouglas, sthorger | |
| RaTasha Tillery-Smith | 2023-03-23 13:58:10 UTC | Doc Text | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or by calling the X509_VERIFY_PARAM_set1_policies()' function. | A security vulnerability has been identified in all supported OpenSSL versions related to verifying X.509 certificate chains that include policy constraints. This flaw allows attackers to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the -policy' argument to the command line utilities or calling the X509_VERIFY_PARAM_set1_policies()' function. |
| masanari iida | 2023-03-24 06:39:23 UTC | CC | jwong | |
| CC | masanari.iida | |||
| Clemens Lang | 2023-04-13 12:30:07 UTC | Flags | needinfo?(saroy) | |
| Sandipan Roy | 2023-04-14 04:05:37 UTC | Depends On | 2186662, 2186661 | |
| Sandipan Roy | 2023-04-14 04:08:01 UTC | Flags | needinfo?(saroy) | |
| Red Hat Bugzilla | 2023-05-15 18:09:25 UTC | CC | drieden | |
| Kazu Yoshida | 2023-06-20 01:59:58 UTC | CC | kyoshida, security-response-team | |
| Flags | needinfo?(security-response-team) | |||
| Product Security DevOps Team | 2023-06-20 12:07:06 UTC | Flags | needinfo?(security-response-team) | needinfo?(saroy) |
| Sandipan Roy | 2023-06-20 13:13:01 UTC | Flags | needinfo?(saroy) | |
| errata-xmlrpc | 2023-06-21 14:38:58 UTC | Link ID | Red Hat Product Errata RHSA-2023:3722 | |
| Product Security DevOps Team | 2023-06-22 02:43:22 UTC | Resolution | --- | ERRATA |
| Status | NEW | CLOSED | ||
| Last Closed | 2023-06-22 02:43:22 UTC | |||
| Manish Dogra | 2023-06-23 14:36:55 UTC | Flags | needinfo?(security-response-team) | |
| CC | mdogra | |||
| Valerie Sroka | 2023-06-23 14:46:57 UTC | CC | vsroka | |
| Flags | needinfo?(security-response-team) |
Back to bug 2181082