Back to bug 2182561
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Sandipan Roy | 2023-03-29 03:18:24 UTC | CC | berrange, bootloader-eng-team, csutherl, ddepaula, jclere, jferlan, kraxel, mmadzin, mturk, pbonzini, peholase, pjindal, plodge, rh-spice-bugs, szappis, virt-maint | |
| Sandipan Roy | 2023-03-29 03:20:32 UTC | Blocks | 2182416 | |
| Sandipan Roy | 2023-03-29 03:28:34 UTC | Depends On | 2182575, 2182568, 2182570, 2182574, 2182571, 2182573, 2182569, 2182567, 2182572 | |
| Sandipan Roy | 2023-03-29 03:42:54 UTC | Doc Text | A low severity vulnerability was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | |
| TEJ RATHI | 2023-03-29 04:05:15 UTC | CC | acrosby, adudiak, aoconnor, bdettelb, caswilli, dffrench, dfreiber, dhalasz, dkuc, drieden, fjansen, gzaronik, hbraun, hkataria, ikanias, jary, jburrell, jkoehler, jmitchel, jtanner, jwong, kaycoth, kshier, micjohns, ngough, nweather, psegedy, rgodfrey, rogbas, rravi, stcannon, sthirugn, tfister, tohughes, tsasak, vkrizan, vkumar, vmugicag, yguenane | |
| TEJ RATHI | 2023-03-29 04:09:01 UTC | Depends On | 2182590, 2182592, 2182598, 2182594, 2182596, 2182589, 2182599, 2182591, 2182600, 2182595, 2182593, 2182597 | |
| RaTasha Tillery-Smith | 2023-03-29 12:57:26 UTC | Doc Text | A low severity vulnerability was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. Invalid certificate policies in leaf certificates are silently ignored by OpenSSL and other certificate policy checks are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies in order to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. | A flaw was found in OpenSSL. Applications that use a non-default option when verifying certificates may be vulnerable to an attack from a malicious CA to circumvent certain checks. OpenSSL and other certificate policy checks silently ignore invalid certificate policies in leaf certificates that are skipped for that certificate. A malicious CA could use this to deliberately assert invalid certificate policies to circumvent policy checking on the certificate altogether. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function. |
| RHEL Program Management Team | 2023-04-17 16:06:29 UTC | CC | jwong | |
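| RHEL Program Management Team | 2023-04-17 16:06:29 UTC | CC | jkoehler | |
| RHEL Program Management Team | 2023-04-17 16:06:29 UTC | Depends On | 2187429 | |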
| Red Hat Bugzilla | 2023-05-15 18:09:18 UTC | CC | drieden | |
| errata-xmlrpc | 2023-06-21 14:39:00 UTC | Link ID | Red Hat Product Errata RHSA-2023:3722 | |
| Product Security DevOps Team | 2023-06-22 03:26:42 UTC | Status | NEW | CLOSED |
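| Product Security DevOps Team | 2023-06-22 03:26:42 UTC | Resolution | --- | ERRATA |
| Product Security DevOps Team | 2023-06-22 03:26:42 UTC | Last Closed | 2023-06-22 03:26:42 UTC | |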