Bug 118622 – OpenSSL updated needed for CAN-2004-0079, CAN-2004-0081, CAN-2004-0112

Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.

Bug 118622 - OpenSSL updated needed for CAN-2004-0079, CAN-2004-0081, CAN-2004-0112

Summary:	OpenSSL updated needed for CAN-2004-0079, CAN-2004-0081, CAN-2004-0112

Status:	CLOSED RAWHIDE

Aliases:	None

Product:	Fedora
Classification:	Fedora
Component:	openssl (Show other bugs)
Sub Component:
Version:	1
Hardware:	All Linux

Priority	medium Severity medium
Target Milestone:	---
Target Release:	---
Assigned To:	Joe Orton
QA Contact:
Docs Contact:

URL:
Whiteboard:
Keywords:	Security

Depends On:
Blocks:
	Show dependency tree / graph

Reported:	2004-03-18 08:28 EST by Joe Orton
Modified:	2007-11-30 17:10 EST (History)
CC List:	2 users (show)

See Also:
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2004-03-25 05:17:00 EST
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Groups: None (edit)

Description Joe Orton 2004-03-18 08:28:09 EST

Description of problem:
CAN-2004-0079 and CAN-2004-0079 affect the openssl-0.9.7a packages
shipped in Fedora Core 1.  CAN-2004-0081 affects the openssl096 and
openssl-096b compat packages shipped in Fedora Core 1.

This is a tracker bug for this issue.

Comment 1 Daniel Roesen 2004-03-18 09:19:46 EST

All this is fixed already for RH9. Why no rebuild and pushing it out
for FC1?

Comment 2 Joe Orton 2004-03-18 12:11:44 EST

Response at:
http://www.redhat.com/archives/fedora-list/2004-March/msg03909.html

Comment 3 Robert Scheck 2004-03-18 13:07:25 EST

Strange, the "stuff", as you write it in your posting at the 
mailinglist is tested for RH9 - and what's up with RHEL3? There is
an update available...untested?! So the latest update from OpenSSL for
RHEL3 and Fedora Development don't differ much. 

I still can't understand why the problem is fixed in the old RH9 (which
is near EOL), but also in the new RHEL3 which has approximately the 
same version as FC1/Rawhide, but there it isn't solved. ?:-|

Comment 4 Joe Orton 2004-03-18 14:55:36 EST

FC1 update packages were made available for testing earlier today as
per fedora-test posting.  If you wish to accelerate progress of these
updates then test the packages and post results here.  Please keep any
other discussion to the mailing list.

Comment 5 Kaj J. Niemi 2004-03-19 09:06:27 EST

openssl-0.9.7a-33.10 Works For Me(tm) on the about 10 FC1 servers I
installed it on so far. There have been no issues with it during
upgrade/freshen and/or operation. Services in use are ssh, mod_ssl,
imapd with ssl. I'll upgrade the rest during the weekend but am not
expecting any problems.

Just a confirmation that things seem to work.

Comment 6 Joe Orton 2004-03-25 05:17:00 EST

Thanks Kaj for posting your feedback; the update was released last Friday.

Note You need to log in before you can comment on or make changes to this bug.