Bug 1745431 - CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attack against 64-bit block ciphers (SWEET32) [openshift-enterprise-3.11.z]
Summary: CVE-2016-2183 openshift-enterprise-console-container: SSL/TLS: Birthday attac...
Alias: None
Deadline: 2016-09-22
Product: OpenShift Container Platform
Classification: Red Hat
Component: Management Console
Version: 3.11.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
: 3.11.z
Assignee: Jakub Hadvig
QA Contact: Yanping Zhang
Depends On: 1773788
Blocks: CVE-2016-2183, SWEET32
TreeView+ depends on / blocked
Reported: 2019-08-26 07:20 UTC by Junqi Zhao
Modified: 2020-10-07 20:53 UTC (History)
9 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1745430
Last Closed: 2020-10-07 20:53:31 UTC
Target Upstream Version:

Attachments (Terms of Use)

Comment 1 Yanping Zhang 2019-08-28 06:41:46 UTC
Reproduced on v3.11.141 for console image.

Comment 3 bpeterse 2019-11-13 21:42:44 UTC
Yanping, any reason this should not also be fixed in 4.x console?

Opening https://github.com/openshift/console/pull/3389 to begin to address.

Comment 4 bpeterse 2019-11-22 16:57:33 UTC
Jason, since we have branched for 4.3, can we get a 4.4 clone?

Comment 5 Jason Shepherd 2019-11-27 01:23:35 UTC
Created 1777129 for 4.4

Comment 6 bpeterse 2020-05-08 16:06:29 UTC
Waiting on 4.5 fix to backport.

Comment 8 Jakub Hadvig 2020-06-19 07:18:15 UTC
This bug did not complete in the current cycle.  Adding UpcomingSprint to have it re-evaluated in the next sprint.

Comment 10 Jakub Hadvig 2020-07-31 14:49:50 UTC
Will fix next sprint

Comment 13 Jakub Hadvig 2020-10-02 15:24:37 UTC
In the middle of backport process.

Comment 14 Stephen Cuppett 2020-10-07 20:53:31 UTC
Thank you for continuing to use Red Hat OpenShift.  As part of a wider bug review, this bug has been evaluated and we have determined that at this time we do not plan to progress it.  As such, we will be closing this bug.  If you have need for continued assistance on this issue, please reopen the bug with additional context on why it needs to be reconsidered.

Note You need to log in before you can comment on or make changes to this bug.