Bug 771780 (CVE-2011-4619)
| Summary: | CVE-2011-4619 openssl: SGC restart DoS attack | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | erik-fedora, kalevlember, ktietz, lfarkas, mvadkert, rjones, tmraz, wnefal+redhatbugzilla |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2012-09-25 07:57:13 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 773239, 773240, 773241, 773243, 773246, 773330, 773331, 846586 | ||
| Bug Blocks: | 771783 | ||
|
Description
Vincent Danen
2012-01-04 22:50:40 UTC
Seems to be the fix here: http://cvs.openssl.org/chngview?cn=21940 (0.9.8) http://cvs.openssl.org/chngview?cn=21927 (1.0.0) This is the real commit for 0.9.8: http://cvs.openssl.org/chngview?cn=21939 And for 1.0.0 this is also needed: http://cvs.openssl.org/chngview?cn=21930 openssl-1.0.0f-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. Created mingw32-openssl tracking bugs for this issue Affects: fedora-all [bug 773330] Affects: epel-5 [bug 773331] openssl-1.0.0f-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Via RHSA-2012:0060 https://rhn.redhat.com/errata/RHSA-2012-0060.html This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2012:0059 https://rhn.redhat.com/errata/RHSA-2012-0059.html This issue has been addressed in following products: Red Hat Enterprise Linux 4 Via RHSA-2012:0086 https://rhn.redhat.com/errata/RHSA-2012-0086.html This issue has been addressed in following products: RHEV-H and Agents for RHEL-6 Via RHSA-2012:0109 https://rhn.redhat.com/errata/RHSA-2012-0109.html This issue has been addressed in following products: RHEV-H, V2V and Agents for RHEL-5 Via RHSA-2012:0168 https://rhn.redhat.com/errata/RHSA-2012-0168.html The fix for this issue was corrected in upstream OpenSSL versions 0.9.8u and 1.0.0h: http://cvs.openssl.org/chngview?cn=22131 It seems this bug could cause SGC handshakes to fail after the security patch was applied. This issue has been addressed in following products: JBoss Enterprise Application Platform 6.0.0 Via RHSA-2012:1308 https://rhn.redhat.com/errata/RHSA-2012-1308.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.1.2 Via RHSA-2012:1307 https://rhn.redhat.com/errata/RHSA-2012-1307.html This issue has been addressed in following products: JBoss Enterprise Web Server 1.0.2 Via RHSA-2012:1306 https://rhn.redhat.com/errata/RHSA-2012-1306.html |