Bug 1421695 (CVE-2017-3733)
Summary: | CVE-2017-3733 openssl: Encrypt-Then-Mac renegotiation crash | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Martin Prpič <mprpic> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED NOTABUG | QA Contact: | |||||
Severity: | high | Docs Contact: | |||||
Priority: | high | ||||||
Version: | unspecified | CC: | sardella, security-response-team | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | openssl 1.1.0e | Doc Type: | If docs needed, set a value | ||||
Doc Text: |
It was found that changing the ciphersuite during a renegotiation of the Encrypt-Then-Mac extension could result in a crash of the OpenSSL server or client.
|
Story Points: | --- | ||||
Clone Of: | Environment: | ||||||
Last Closed: | 2017-02-13 13:14:32 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Attachments: |
|
Description
Martin Prpič
2017-02-13 13:12:40 UTC
External References: https://www.openssl.org/news/secadv/20170216.txt Acknowledgments: Name: the OpenSSL project Upstream: Joe Orton (Red Hat) Created attachment 1249850 [details] CVE-2017-3733 patch |