Bug 1561266 (CVE-2018-0739)
Summary: | CVE-2018-0739 openssl: Handling of crafted recursive ASN.1 structures can cause a stack overflow and resulting denial of service | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | apmukher, bmaxwell, cdewolf, chazlett, csutherl, darran.lofthouse, deesharm, dimitris, dosoudil, erik-fedora, fgavrilo, gzaronik, hasuzuki, jawilson, jclere, jondruse, jorton, kbost, ktietz, lersek, lgao, marcandre.lureau, mbabacek, m-suemitsu, mturk, myarboro, pgier, pjurak, ppalaga, psakar, pslavice, rjones, rnetuka, rstancel, rsvoboda, slawomir, sstavrev, tmraz, twalsh, vtunka, weli, yiwu, yozone, zpytela |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 1.1.0h, openssl 1.0.2o | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2019-06-10 10:18:59 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1561267, 1561268, 1561269, 1563285, 1563286, 1563287, 1563288, 1563289 | ||
Bug Blocks: | 1561270 |
Description
Sam Fowler
2018-03-28 01:16:17 UTC
Created openssl tracking bugs for this issue: Affects: fedora-all [bug 1561269] Created mingw-openssl tracking bugs for this issue: Affects: epel-7 [bug 1561267] compat-openssl10-1.0.2o-1.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report. compat-openssl10-1.0.2o-1.fc26 has been pushed to the Fedora 26 stable repository. If problems still persist, please make note of it in this bug report. compat-openssl10-1.0.2o-1.fc27 has been pushed to the Fedora 27 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3090 https://access.redhat.com/errata/RHSA-2018:3090 This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:3221 https://access.redhat.com/errata/RHSA-2018:3221 This issue has been addressed in the following products: Red Hat JBoss Core Services Via RHSA-2019:0366 https://access.redhat.com/errata/RHSA-2019:0366 This issue has been addressed in the following products: JBoss Core Services on RHEL 6 JBoss Core Services on RHEL 7 Via RHSA-2019:0367 https://access.redhat.com/errata/RHSA-2019:0367 This issue has been addressed in the following products: Red Hat JBoss Web Server 3 for RHEL 7 Red Hat JBoss Web Server 3 for RHEL 6 Via RHSA-2019:1711 https://access.redhat.com/errata/RHSA-2019:1711 This issue has been addressed in the following products: Red Hat JBoss Web Server Via RHSA-2019:1712 https://access.redhat.com/errata/RHSA-2019:1712 |