Bug 1523504 (CVE-2017-3737)
Summary: | CVE-2017-3737 openssl: Read/write after SSL object in error state | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Andrej Nemec <anemec> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apmukher, bmaxwell, bmcclain, casmith, cdewolf, cfergeau, chazlett, christian.m.carawan.civ, csutherl, darran.lofthouse, dblechte, dcox, dimitris, dosoudil, eedri, erik-fedora, extras-orphan, fgavrilo, fkrska, gzaronik, jawilson, jclere, jondruse, jorton, jshepherd, kbost, ktietz, lersek, lgao, lsurette, marcandre.lureau, mbabacek, mgoldboi, michal.skrivanek, mis, mpoole, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, ravpatil, rh-spice-bugs, rjones, rnetuka, rstancel, rsvoboda, sherold, slawomir, srevivo, tmraz, twalsh, vtunka, weli, ykaul, yozone |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.0.2n | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-08 03:32:55 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1523511, 1523513, 1524795, 1524796, 1525029, 1525347, 1527300, 1544443 | ||
Bug Blocks: | 1523515 |
Description
Andrej Nemec
2017-12-08 07:36:43 UTC
Created mingw-openssl tracking bugs for this issue: Affects: epel-7 [bug 1523513] Affects: fedora-all [bug 1523511] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1523512] Any ETA for release of fix for openssl ? Any ETA on this... Failing PCI Scans because of this... I'm also have PCI scans fail and the Treasurer is not happy! Any ETA would be helpful. Thanks Can anyone from Redhat provide feedback on where this issue sits? An ETA has been requested multiple times, with no response. Feedback, with an ETA would be extremely helpful. It's now been almost 4 months since this bug was identified, and there is still no updated package, and no ETA on an updated package. What's the problem here? Can we all get an ETA on this update? Per https://bugzilla.redhat.com/show_bug.cgi?id=1544443, this is fixed in RHEL 7.5 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:0998 https://access.redhat.com/errata/RHSA-2018:0998 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2018:2187 https://access.redhat.com/errata/RHSA-2018:2187 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 Via RHSA-2018:2186 https://access.redhat.com/errata/RHSA-2018:2186 This issue has been addressed in the following products: JBoss Core Services on RHEL 7 Via RHSA-2018:2185 https://access.redhat.com/errata/RHSA-2018:2185 |