Bug 658977 (CVE-2010-3614)
Summary: | CVE-2010-3614 bind: key algorithm rollover may mark secure answers as insecure | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | atkac, mcermak |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2010-12-13 20:06:25 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 658987, 658990, 659266, 659267, 659268, 659269, 659270 | ||
Bug Blocks: |
Description
Vincent Danen
2010-12-01 18:16:16 UTC
Created bind tracking bugs for this issue Affects: fedora-14 [bug 658987] Created bind tracking bugs for this issue Affects: fedora-13 [bug 658990] This issue is planned to be addressed in bind packages in Red Hat Enterprise Linux 5 and 6. There's no plan to address this low-impact flaw in Red Hat Enterprise Linux 4, where bind does not implement support for currently used DNSSEC protocol version. This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2010:0975 https://rhn.redhat.com/errata/RHSA-2010-0975.html This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2010:0976 https://rhn.redhat.com/errata/RHSA-2010-0976.html Statement: The Red Hat Security Response Team has rated this issue as having low security impact. Because the version of bind in Red Hat Enterprise Linux 4 does not implement support for the currently-used DNSSEC protocol version, there is no plan to address this flaw there. It has been addressed in Red Hat Enterprise Linux 5 (via RHSA-2010:0975) and Red Hat Enterprise Linux 6 (via RHSA-2010:0976). |