Bug 1416856 (CVE-2017-3732)
Summary: | CVE-2017-3732 openssl: BN_mod_exp may produce incorrect results on x86_64 | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bbaranow, bmaxwell, bmcclain, bugzilla-redhat, cdewolf, cfergeau, chazlett, csutherl, dandread, darran.lofthouse, dblechte, dimitris, dosoudil, eedri, erik-fedora, fgavrilo, fnasser, gzaronik, huwang, jawilson, jclere, jondruse, jshepherd, ktietz, lersek, lgao, lsurette, marcandre.lureau, mbabacek, mgoldboi, michal.skrivanek, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, redhat-bugzilla, rh-spice-bugs, rjones, rnetuka, rstancel, rsvoboda, sardella, slawomir, srevivo, tmraz, twalsh, vtunka, weli, ykaul |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.0.2k, openssl 1.1.0d | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:06:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1416864, 1416865, 1416867, 1420895, 1420896, 1618719, 1618720, 1618721, 1624844, 1624845 | ||
Bug Blocks: | 1416858 |
Description
Andrej Nemec
2017-01-26 15:44:15 UTC
Created openssl101e tracking bugs for this issue: Affects: epel-5 [bug 1416866] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1416864] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 1416865] Affects: epel-7 [bug 1416867] Upstream commit: https://git.openssl.org/?p=openssl.git;a=commitdiff;h=3f4bcf5bb664b47ed369a70b99fac4e0ad141bb3 Affected code does not exist in OpenSSL 1.0.1 and earlier. It's the same code that was affected by the CVE-2015-3193 (bug 1288317). This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Supplementary Via RHSA-2018:2568 https://access.redhat.com/errata/RHSA-2018:2568 This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Supplementary Via RHSA-2018:2575 https://access.redhat.com/errata/RHSA-2018:2575 This issue has been addressed in the following products: Red Hat Satellite 5.8 Via RHSA-2018:2713 https://access.redhat.com/errata/RHSA-2018:2713 |