Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 734316 - Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)
Fraudulent certificates signed by DigiNotar CA certificate (MFSA 2011-34)
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
high Severity high
: ---
: ---
Assigned To: Red Hat Product Security
public=20110830,reported=20110830,sou...
: Security
: 734846 (view as bug list)
Depends On: 734317 734318 734319 734320 734321 734322 734323 734324 734325 734326 734327 734328
Blocks: 734337 735432
  Show dependency treegraph
 
Reported: 2011-08-30 01:17 EDT by Huzaifa S. Sidhpurwala
Modified: 2012-04-30 13:15 EDT (History)
9 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-12-05 02:59:15 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


External Trackers
Tracker ID Priority Status Summary Last Updated
Mozilla Foundation 682927 None None None Never
Red Hat Product Errata RHSA-2011:1242 normal SHIPPED_LIVE Important: firefox security update 2011-08-31 16:07:01 EDT
Red Hat Product Errata RHSA-2011:1243 normal SHIPPED_LIVE Important: thunderbird security update 2011-08-31 16:02:00 EDT
Red Hat Product Errata RHSA-2011:1244 normal SHIPPED_LIVE Important: seamonkey security update 2011-08-31 16:22:32 EDT
Red Hat Product Errata RHSA-2011:1282 normal SHIPPED_LIVE Important: nss and nspr security update 2011-09-12 15:02:58 EDT
Red Hat Product Errata RHSA-2012:0532 normal SHIPPED_LIVE Important: nss security update 2012-04-30 17:13:37 EDT

  None (edit)
Description Huzaifa S. Sidhpurwala 2011-08-30 01:17:37 EDT 
Mozilla has reported about the issuance of at least one fraudulent SSL certificate for public websites belonging to Google, Inc. 

Reference:
https://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
Comment 5 Vincent Danen 2011-08-31 00:16:11 EDT 
MFSA 2011-34 corrects this in Firefox 6.0.1, Firefox 3.6.21, Thunderbird 6.0.1, Thunderbird 3.1.13, and SeaMonkey 2.3.2:

http://www.mozilla.org/security/announce/2011/mfsa2011-34.html
Comment 6 Karl Abbott 2011-08-31 11:49:02 EDT 
*** Bug 734846 has been marked as a duplicate of this bug. ***
Comment 7 errata-xmlrpc 2011-08-31 16:02:06 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5

Via RHSA-2011:1243 https://rhn.redhat.com/errata/RHSA-2011-1243.html
Comment 8 errata-xmlrpc 2011-08-31 16:07:08 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2011:1242 https://rhn.redhat.com/errata/RHSA-2011-1242.html
Comment 9 errata-xmlrpc 2011-08-31 16:22:38 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2011:1244 https://rhn.redhat.com/errata/RHSA-2011-1244.html
Comment 10 Oron Peled 2011-09-05 01:31:04 EDT 
This severe issue has not been addressed at all in Fedora (14, 15, 16).
As a minimum, a security advisory is in place, instructing users to
manually remove Diginotar certificates. E.g (some dumbed-down guide):
 http://www.linuxbsdos.com/2011/09/04/how-to-delete-diginotar-ca-certificate-from-firefox/
Comment 11 Jan Vlug 2011-09-05 03:33:15 EDT 
See bug#734679.
I consider this bug as very urgent. Fraudulent certificates have been released for Google, Twitter, Yahoo, and possible Dutch government sites.
Comment 12 Huzaifa S. Sidhpurwala 2011-09-05 03:52:49 EDT 
Oron, Jan,

We are waiting for upstream to release fixed packages for Mozilla products. Once they do, we will release them for fedora.
Comment 13 errata-xmlrpc 2011-09-12 15:03:08 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 6

Via RHSA-2011:1282 https://rhn.redhat.com/errata/RHSA-2011-1282.html
Comment 14 errata-xmlrpc 2012-04-30 13:15:52 EDT 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 5.6 EUS - Server Only

Via RHSA-2012:0532 https://rhn.redhat.com/errata/RHSA-2012-0532.html
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.