1161218 – cups can't disable SSLv3

Bug 1161218 - cups can't disable SSLv3

Summary: cups can't disable SSLv3

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 5
Classification:	Red Hat
Component:	cups
Sub Component:
Version:	5.10
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	high
Target Milestone:	rc
Target Release:	---
Assignee:	Tim Waugh
QA Contact:	qe-baseos-daemons
Docs Contact:
URL:
Whiteboard:
Depends On:	1161171
Blocks:	984996 1161172
TreeView+	depends on / blocked

Reported:	2014-11-06 16:30 UTC by Martin Poole
Modified:	2019-03-22 07:23 UTC (History)
CC List:	9 users (show)
Fixed In Version:	cups-1.3.7-32.el5_11
Doc Type:	Bug Fix
Doc Text:	Previously, CUPS did not provide a way of disabling Secure Sockets Layer (SSLv3) support while keeping other secure protocols enabled. This left CUPS users vulnerable to the POODLE attack (CVE-2014-3566, discussed at https://access.redhat.com/articles/1232123), and needing to deploy the stunnel utility for mitigation (as in https://access.redhat.com/solutions/1234843). This update disables SSLv3 support by default. For users who need to continue using SSLv3, an SSLOptions configuration directive has been added to the cupsd.conf file for the cupsd daemon and to the client.conf file for the client programs.
Clone Of:	1161171
Environment:
Last Closed:	2015-01-20 16:47:52 UTC
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
cups-str4476.patch (RHEL-5) (13.14 KB, patch) 2015-01-06 17:01 UTC, Tim Waugh	no flags	Details \| Diff
cups-str4476.patch (RHEL-5) (15.50 KB, patch) 2015-01-08 17:55 UTC, Tim Waugh	no flags	Details \| Diff
Show Obsolete (1) View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0064	0	normal	SHIPPED_LIVE	cups bug fix update	2015-01-27 14:51:42 UTC
Ximian Software (Novell)	1334823	0	None	None	None	Never

Comment 3 RHEL Program Management 2014-11-24 10:57:58 UTC

This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unable to address this
request at this time.

Red Hat invites you to ask your support representative to
propose this request, if appropriate, in the next release of
Red Hat Enterprise Linux.

Comment 4 Tim Waugh 2015-01-06 17:01:53 UTC

Created attachment 976867 [details]
cups-str4476.patch (RHEL-5)

Comment 5 Tim Waugh 2015-01-08 17:55:03 UTC

Created attachment 977866 [details]
cups-str4476.patch (RHEL-5)

Improved patch.

Comment 14 errata-xmlrpc 2015-01-20 16:47:52 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0064.html

Note You need to log in before you can comment on or make changes to this bug.