Bug 839735
Summary: | openssl: environment settings honored when used in privileged apps | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Tomas Hoger <thoger> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED ERRATA | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | fweimer, mturk, security-response-team, tmraz | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2013-09-30 13:33:39 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 911051, 911052, 911061, 911063 | ||||||
Bug Blocks: | 839918, 919304 | ||||||
Attachments: |
|
Description
Tomas Hoger
2012-07-12 16:53:50 UTC
This is public via: http://rt.openssl.org/Ticket/Display.html?id=2532 openssl-1.0.1e-3.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report. This issue has been addressed in following products: Red Hat Enterprise Linux 5 Red Hat Enterprise Linux 6 Via RHSA-2013:0587 https://rhn.redhat.com/errata/RHSA-2013-0587.html openssl-1.0.0k-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. Created attachment 716927 [details]
Portability patch for __secure_getenv()
This patch which needs to be applied in addition to the ...-secure-getenv.patch adds implementation of __secure_getenv() on non-linux platforms.
The portability patch for __secure_getenv() works as expected on non-linux platforms. |