Bug 1152967 (CVE-2014-3568)
Summary: | CVE-2014-3568 openssl: Build option no-ssl3 is incomplete | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Huzaifa S. Sidhpurwala <huzaifas> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | aneelica, cdewolf, csutherl, dandread, darran.lofthouse, dknox, fnasser, gmurphy, huwang, jason.greene, jawilson, jclere, jdoyle, kkhan, lgao, mbabacek, myarboro, pgier, pslavice, rsvoboda, security-response-team, tmraz, twalsh, vtunka, weli |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 0.9.8zc, openssl 1.0.0o, openssl 1.0.1j | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2014-10-15 09:47:45 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1153471, 1153473 | ||
Bug Blocks: | 1152790 |
Description
Huzaifa S. Sidhpurwala
2014-10-15 09:46:18 UTC
Statement: Not vulnerable. The versions of openssl package as shipped in Red Hat Enterprise Linux 5, 6 and 7; Red Hat JBoss Enterprise Application Platform 5 and 6; and Red Hat JBoss Enterprise Web Server 1 and 2 are not build with the "no-ssl3" option and therefore are not vulnerable to this security flaw. Upstream patch: OpenSSL-1.0.1: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=26a59d9b46574e457870197dffa802871b4c8fc7 OpenSSL-0.9.8: https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=cd332a07503bd9771595de87e768179f81715704 Fixed upstream in OpenSSL versions 0.9.8zc, 1.0.0o and 1.0.1j: https://www.openssl.org/news/secadv_20141015.txt |