1745431 – CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) [openshift-enterprise-3.11.z]

Bug 1745431 - CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) [openshift-enterprise-3.11.z]

Summary: CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attac...

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Deadline:	2016-09-22
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Management Console
Sub Component:
Version:	3.11.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	urgent
Severity:	medium
Target Milestone:	---
Target Release:	3.11.z
Assignee:	Jakub Hadvig
QA Contact:	Yanping Zhang
Docs Contact:
URL:
Whiteboard:
Depends On:	1773788
Blocks:	CVE-2016-2183, SWEET32
TreeView+	depends on / blocked

Reported:	2019-08-26 07:20 UTC by Junqi Zhao
Modified:	2024-03-25 15:23 UTC (History)
CC List:	9 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:	1745430
Environment:
Last Closed:	2020-10-07 20:53:31 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Comment 1 Yanping Zhang 2019-08-28 06:41:46 UTC

Reproduced on v3.11.141 for console image.

Comment 3 bpeterse 2019-11-13 21:42:44 UTC

Yanping, any reason this should not also be fixed in 4.x console?

Opening https://github.com/openshift/console/pull/3389 to begin to address.

Comment 4 bpeterse 2019-11-22 16:57:33 UTC

Jason, since we have branched for 4.3, can we get a 4.4 clone?

Comment 5 Jason Shepherd 2019-11-27 01:23:35 UTC

Created 1777129 for 4.4

Comment 6 bpeterse 2020-05-08 16:06:29 UTC

Waiting on 4.5 fix to backport.

Comment 8 Jakub Hadvig 2020-06-19 07:18:15 UTC

This bug did not complete in the current cycle.  Adding UpcomingSprint to have it re-evaluated in the next sprint.

Comment 10 Jakub Hadvig 2020-07-31 14:49:50 UTC

Will fix next sprint

Comment 13 Jakub Hadvig 2020-10-02 15:24:37 UTC

In the middle of backport process.

Comment 14 Stephen Cuppett 2020-10-07 20:53:31 UTC

Thank you for continuing to use Red Hat OpenShift.  As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it.  As such, we will be closing this bug.  If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.

Note You need to log in before you can comment on or make changes to this bug.