Bug 1745431 - CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) [openshift-enterprise-3.11.z]
Summary: CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attac...
Keywords:
Status: CLOSED WONTFIX
Alias: None
Deadline: 2016-09-22
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
urgent
medium
Target Milestone: ---
: 3.11.z
Assignee: Jakub Hadvig
QA Contact: Yanping Zhang
URL:
Whiteboard:
Depends On: 1773788
Blocks: CVE-2016-2183, SWEET32
TreeView+ depends on / blocked
 
Reported: 2019-08-26 07:20 UTC by Junqi Zhao
Modified: 2020-10-07 20:53 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1745430
Environment:
Last Closed: 2020-10-07 20:53:31 UTC
Target Upstream Version:

Attachments (Terms of Use)

Comment 1 Yanping Zhang 2019-08-28 06:41:46 UTC 
Reproduced on v3.11.141 for console image.
Comment 3 bpeterse 2019-11-13 21:42:44 UTC 
Yanping, any reason this should not also be fixed in 4.x console?

Opening https://github.com/openshift/console/pull/3389 to begin to address.
Comment 4 bpeterse 2019-11-22 16:57:33 UTC 
Jason, since we have branched for 4.3, can we get a 4.4 clone?
Comment 5 Jason Shepherd 2019-11-27 01:23:35 UTC 
Created 1777129 for 4.4
Comment 6 bpeterse 2020-05-08 16:06:29 UTC 
Waiting on 4.5 fix to backport.
Comment 8 Jakub Hadvig 2020-06-19 07:18:15 UTC 
This bug did not complete in the current cycle.  Adding UpcomingSprint to have it re-evaluated in the next sprint.
Comment 10 Jakub Hadvig 2020-07-31 14:49:50 UTC 
Will fix next sprint
Comment 13 Jakub Hadvig 2020-10-02 15:24:37 UTC 
In the middle of backport process.
Comment 14 Stephen Cuppett 2020-10-07 20:53:31 UTC 
Thank you for continuing to use Red Hat OpenShift.  As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it.  As such, we will be closing this bug.  If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.
Note You need to log in before you can comment on or make changes to this bug.