Bug 476671 (CVE-2008-5077)
Summary: | CVE-2008-5077 OpenSSL Incorrect checks for malformed signatures | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Mark J. Cox <mjc> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | Michal Marciniszyn <mmarcini> | ||||
Severity: | medium | Docs Contact: | |||||
Priority: | low | ||||||
Version: | unspecified | CC: | kreilly, mmarcini, rjones, rob.townley, security-response-team, syeghiay, tmraz, tvujec, wnefal+redhatbugzilla | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2012-06-21 07:25:25 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 476676, 476677, 476678, 476679, 476680, 476681, 476682, 476683, 476684, 476685, 476686, 476687, 476688, 482112, 530522, 673086, 813718, 1127896 | ||||||
Bug Blocks: | |||||||
Attachments: |
|
Description
Mark J. Cox
2008-12-16 15:15:56 UTC
Created attachment 327115 [details]
proposed patch
now public, removing embargo http://openssl.org/news/secadv_20090107.txt openssl-0.9.8g-9.12.fc9 has been submitted as an update for Fedora 9. http://admin.fedoraproject.org/updates/openssl-0.9.8g-9.12.fc9 openssl-0.9.8g-12.fc10 has been submitted as an update for Fedora 10. http://admin.fedoraproject.org/updates/openssl-0.9.8g-12.fc10 openssl-0.9.8g-9.12.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report. openssl-0.9.8g-12.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report. oCERT advisory: http://www.ocert.org/advisories/ocert-2008-016.html Is it planned to rebuild this in Rawhide? I notice that F-10 contains the fix but Rawhide does not. I'm currently working on upgrade of openssl in rawhide to the latest released upstream version which already contains the fix. It will take some time though as we will need a special build target for rebuild of the dependent packages. |