|Summary:||CVE-2013-4550 CVE-2011-5268 bip: failed SSL handshake resource leak|
|Product:||[Other] Security Response||Reporter:||Kurt Seifried <kseifried>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED UPSTREAM||QA Contact:|
|Version:||unspecified||CC:||bcl, carnil, tross|
|Fixed In Version:||Doc Type:||Bug Fix|
|Last Closed:||2019-06-08 02:30:53 UTC||Type:||---|
|Bug Depends On:||1028608, 1028609, 1028610|
Description Kurt Seifried 2013-11-08 21:05:19 UTC
Comment 1 Kurt Seifried 2013-11-08 21:08:27 UTC
Created bip tracking bugs for this issue:
Affects: fedora-all [bug 1028608]
Affects: epel-6 [bug 1028609]
Comment 2 Kurt Seifried 2013-11-08 21:09:55 UTC
Created bip tracking bugs for this issue: Affects: epel-5 [bug 1028610]
Comment 3 Fedora Update System 2013-11-14 03:32:06 UTC
bip-0.8.9-1.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
Comment 4 Fedora Update System 2013-11-21 04:33:12 UTC
bip-0.8.9-1.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
Comment 5 Fedora Update System 2013-11-21 04:34:00 UTC
bip-0.8.9-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
Comment 6 Vincent Danen 2013-12-24 19:38:16 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5268 to the following vulnerability:

Name: CVE-2011-5268
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5268
Assigned: 20131224
Reference: https://projects.duckcorp.org/issues/261
Reference: https://projects.duckcorp.org/versions/13
Reference: FEDORA:FEDORA-2013-21006
Reference: http://lists.fedoraproject.org/pipermail/package-announce/2013-November/121868.html
Reference: FEDORA:FEDORA-2013-21018
Reference: http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122278.html
Reference: FEDORA:FEDORA-2013-21060
Reference: http://lists.fedoraproject.org/pipermail/package-announce/2013-November/122274.html

connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes.
Comment 7 Salvatore Bonaccorso 2013-12-27 06:30:37 UTC
Hi Vincent,

(In reply to Vincent Danen from comment #6)
> Common Vulnerabilities and Exposures assigned an identifier CVE-2011-5268 to
> the following vulnerability:
>
> Name: CVE-2011-5268
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5268

While this both mentions CVE-2011-5268, the subject has CVE-2013-5268. Is the 2011 identifier the correct one? (assuming so as the issues in the issue tracker are from 2011).

Could you clarify what is the difference for CVE-2013-4550 and this second one?

Thanks in advance,
Salvatore
Comment 8 Ratul Gupta 2013-12-27 09:46:48 UTC
This is indeed CVE-2011-5268 rather than CVE-2013-5268: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-5268
Comment 9 Fedora Update System 2014-03-30 18:47:50 UTC
bip-0.8.9-1.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
Comment 10 Fedora Update System 2014-03-30 18:48:57 UTC
bip-0.8.9-1.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report.
Comment 11 Product Security DevOps Team 2019-06-08 02:30:53 UTC
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.