Summary: | CVE-2012-0050 openssl: remote DTLS server DoS introduced in the CVE-2011-4108 fix | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | high | Docs Contact: | |
Priority: | high | ||
Version: | unspecified | CC: | tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-02-15 16:24:43 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Bug Depends On: | 783122 | ||
Bug Blocks: | 771783 |
Description
Tomas Hoger
2012-01-18 14:12:10 UTC
As openssl updates for Red Hat Enterprise Linux addressing CVE-2011-4108 have not been released yet, no released openssl version in Red Hat Enterprise Linux is affected by this flaw. Future updates will use corrected CVE-2011-4108 fix that does not introduce this problem. openssl packages versions in Red Hat Enterprise Linux 3 and 4 do not have DTLS support and hence can not be affected by this issue or CVE-2011-4108. Statement: Not vulnerable. This issue did not affect the versions of openssl as shipped with Red Hat Enterprise Linux 3, 4, 5, and 6. Created openssl tracking bugs for this issue Affects: fedora-all [bug 783122] openssl-1.0.0g-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.0g-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. |