Bug 492623 (CVE-2009-0591)
Summary: | CVE-2009-0591 openssl: incorrect error checking during CMS verification | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | Anwar.carter1.ctr, nalin, tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0591 | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2009-03-27 18:56:31 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 482112, 530522, 1127896 | ||
Bug Blocks: |
Description
Vincent Danen
2009-03-27 18:48:51 UTC
This issue does not affect Red Hat Enterprise Linux 2.1, 3, 4, or 5. Current stable Fedora versions (F9 and F10) were not affected too, as they ship openssl 0.9.8g and the affected functionality was only introduced in 0.9.8h. Rawhide/F11 was affected (even though CMS is not enabled in the upstream sources by default, it is enabled explicitly in the Fedora spec file) and has already been updated to the fixed upstream version 0.9.8k. |