Bug 84597
Summary: | OpenSSL CBC timing attack | ||
---|---|---|---|
Product: | Red Hat Enterprise Linux 2.1 | Reporter: | Mark J. Cox <mjc> |
Component: | openssl | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | Brian Brock <bbrock> |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 2.1 | CC: | jabapi, jzaitz, patrik.hall |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2003-04-15 11:26:42 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Mark J. Cox
2003-02-19 13:25:42 UTC
I know you're going to want to backport the fix, but please please please consider biting the bullet and figuring out how to just get to 0.9.6i. There have been ***lots*** of not-as-security-critical bugs fixed between b and i. The one biting me today is that the very cool http://www.washington.edu/pubcookie/ simply will not work on any RedHat system. Could someone please provide some status update here? Other distributors have released their updated openssl packages weeks ago. Is RHL vulnerable and if so, when is the patch coming? Thanks. We wanted to make sure that a fix for the critical sendmail vulnerability would be available on Monday so we adjusted the priority of the OpenSSL errata accordingly. We are working on updated OpenSSL packages and will make them available shortly. Updated OpenSSL packages for Red Hat Linux are now available http://rhn.redhat.com/errata/RHSA-2003-062.html Leaving this bug open until packages for Red Hat Linux Advanced Server are also pushed. Was actually fixed some time ago, see latest OpenSSL advisory http://rhn.redhat.com/errata/RHSA-2003-102.html |