Bug 802489 (CVE-2012-1165)
Summary: | CVE-2012-1165 openssl: mime_param_cmp NULL dereference crash | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | anande, mvadkert, tmraz |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | openssl 0.9.8u, openssl 1.0.0h | Doc Type: | Bug Fix |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2012-09-25 07:58:58 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 802816, 802817, 802820, 804550, 804551, 804552, 804553 | ||
Bug Blocks: | 802502 |
Description
Tomas Hoger
2012-03-12 16:58:10 UTC
Created mingw32-openssl tracking bugs for this issue Affects: fedora-all [bug 802817] Affects: epel-5 [bug 802820] Created openssl tracking bugs for this issue Affects: fedora-all [bug 802816] This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2012:0426 https://rhn.redhat.com/errata/RHSA-2012-0426.html openssl-1.0.0h-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.0h-1.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.0h-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. openssl-1.0.0h-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. This comment was flagged a spam, view the edit history to see the original text if required. (In reply to comment #15) > Is RHEL 4 ELS vulnerable to NULL pointer could be dereferencing when parsing > certain S/MIME messages? If so will there be a fix released? This affects Red Hat Enterprise Linux 4 openssl packages and is not planned to get fixed. Refer to Life Cycle and Update Policies pages for details on what fixes are addressed during the Extended Life Phase via ELS: https://access.redhat.com/support/policy/updates/errata/#Extended_Life_Cycle_Phase This issue has been addressed in following products: JBoss Enterprise Application Platform 6.0.0 Via RHSA-2012:1308 https://rhn.redhat.com/errata/RHSA-2012-1308.html This issue has been addressed in following products: JBoss Enterprise Application Platform 5.1.2 Via RHSA-2012:1307 https://rhn.redhat.com/errata/RHSA-2012-1307.html This issue has been addressed in following products: JBoss Enterprise Web Server 1.0.2 Via RHSA-2012:1306 https://rhn.redhat.com/errata/RHSA-2012-1306.html |