Bug 1379310 (CVE-2016-7052)
Summary: | CVE-2016-7052 openssl: Missing CRL sanity check | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bbaranow, bmaxwell, cdewolf, csutherl, dandread, darran.lofthouse, dosoudil, erik-fedora, fnasser, gzaronik, huwang, jaeshin, jawilson, jclere, ktietz, lgao, marcandre.lureau, mbabacek, myarboro, pgier, psakar, pslavice, redhat-bugzilla, rjones, rnetuka, rsvoboda, sardella, tmraz, twalsh, vtunka, weli |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.0.2j | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2016-09-26 10:52:28 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 1367347 |
Description
Tomas Hoger
2016-09-26 10:47:57 UTC
Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=6e629b5be45face20b4ca71c4fcbfed78b864a2e No Red Hat product was affected by this issue, as there's no product includes OpenSSL version 1.0.2i. Fedora openssl packages are being updated to 1.0.2i in response to upstream security advisory released on Sep22, but those updates have not yet been pushed to stable. Fedora update requests will be updated to include packages with this issue addressed before updates are pushed to stable. |