Bug 771771 (CVE-2011-4109)
Summary: | CVE-2011-4109 openssl: double-free in policy checks | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | erik-fedora, kalevlember, ktietz, lfarkas, rjones, tmraz, wnefal+redhatbugzilla |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-09-25 07:55:40 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 773241, 773243, 773331 | ||
Bug Blocks: | 771783 |
Description
Vincent Danen
2012-01-04 22:35:03 UTC
Seems to be the fix here: http://cvs.openssl.org/chngview?cn=21941 Created mingw32-openssl tracking bugs for this issue Affects: epel-5 [bug 773331] This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0060 https://rhn.redhat.com/errata/RHSA-2012-0060.html The affected functions are not present in openssl 0.9.7a either, so Red Hat Enterprise Linux 4 is not affected by this flaw either. Statement: This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 4 and 6. This issue has been addressed in following products: RHEV-H, V2V and Agents for RHEL-5 Via RHSA-2012:0168 https://rhn.redhat.com/errata/RHSA-2012-0168.html This issue has been addressed in following products: JBoss Enterprise Application Platform 6.0.0 Via RHSA-2012:1308 https://rhn.redhat.com/errata/RHSA-2012-1308.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.1.2 Via RHSA-2012:1307 https://rhn.redhat.com/errata/RHSA-2012-1307.html This issue has been addressed in following products: JBoss Enterprise Web Server 1.0.2 Via RHSA-2012:1306 https://rhn.redhat.com/errata/RHSA-2012-1306.html |