SCIENTIFIC-LINUX-USERS Archives

July 2015

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV

Subject:
From:
Connie Sieh <[log in to unmask]>
Reply To:
Connie Sieh <[log in to unmask]>
Date:
Thu, 9 Jul 2015 10:23:07 -0500
https://access.redhat.com/solutions/1523323 claims that RHEL is not vulnerable 
to this as the feature that is vulnerable is not in the RHEL versions of 
openssl.

So there will NOT be a new openssl security errata today.

------------------------------------------------------------------------------

This was the anticipated openssl vulnerability that was to be released on July 
9, 2015

       OpenSSL Security Advisory [9 Jul 2015]
       =======================================

       Alternative chains certificate forgery (CVE-2015-1793)
       ======================================================

       Severity: High

       During certificate verification, OpenSSL (starting from version 1.0.1n
       and 1.0.2b) will attempt to find an alternative certificate chain if the
       first attempt to build such a chain fails. An error in the implementation
       of this logic can mean that an attacker could cause certain checks on
       untrusted certificates to be bypassed, such as the CA flag, enabling them
       to use a valid leaf certificate to act as a CA and "issue" an invalid
       certificate.

       This issue will impact any application that verifies certificates
       including SSL/TLS/DTLS clients and SSL/TLS/DTLS servers using client
       authentication.

--

Connie J. Sieh
Computing Services Specialist III

Fermi National Accelerator Laboratory
630 840 8531 office

http://www.fnal.gov
[log in to unmask]
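
The check that the quoted advisory says a vulnerable OpenSSL could skip is the basicConstraints CA flag on every certificate that issues another one. The following is an added example, not OpenSSL's code and not part of the original message: a deliberately simple chain walker that enforces that flag, run against a constructed in-memory PKI in which a valid non-CA leaf "issues" a further certificate, exactly the forgery the advisory describes. It assumes the third-party `cryptography` package; the names (Demo Root CA, example.test hosts) and the depth limit are assumptions for the demo. It does not reproduce the alternative-chain bug itself, and it does no validity-period, name-constraint or revocation checking.

```python
"""Chain validation that enforces the CA flag on every issuing certificate.

Added example (not OpenSSL code, not from the original mailing-list post).
Assumes the third-party `cryptography` package; all certificates are
constructed in memory with hypothetical names (Demo Root CA, example.test).
"""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

MAX_CHAIN_LENGTH = 10  # assumption: bound on path building for this demo


def make_cert(subject_cn, subject_key, issuer_cert, issuer_key, is_ca):
    """Issue a one-day ECDSA certificate for subject_cn; self-signed when issuer_cert is None."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, subject_cn)])
    issuer = subject if issuer_cert is None else issuer_cert.subject
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer)
        .public_key(subject_key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        # basicConstraints CA flag: the check CVE-2015-1793 let an attacker bypass.
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def common_name(cert):
    return cert.subject.get_attributes_for_oid(NameOID.COMMON_NAME)[0].value


def is_ca(cert):
    """RFC 5280: a certificate without basicConstraints CA:TRUE must not issue certificates."""
    try:
        return cert.extensions.get_extension_for_class(x509.BasicConstraints).value.ca
    except x509.ExtensionNotFound:
        return False


def verify_chain(cert, untrusted, trusted):
    """Walk from cert towards a trusted anchor. Returns (ok, reason).

    Every issuer must (1) carry CA:TRUE and (2) have actually signed the
    certificate below it. Skipping (1) is the forgery the advisory describes.
    """
    current, depth = cert, 0
    while depth < MAX_CHAIN_LENGTH:
        if current in trusted:
            return True, "chain ends at trusted anchor %s" % common_name(current)
        issuer = next((c for c in untrusted + trusted if c.subject == current.issuer), None)
        if issuer is None:
            return False, "no issuer found for %s" % common_name(current)
        if not is_ca(issuer):
            return False, "%s is not a CA, so it cannot have issued %s" % (
                common_name(issuer), common_name(current))
        try:
            issuer.public_key().verify(
                current.signature,
                current.tbs_certificate_bytes,
                ec.ECDSA(current.signature_hash_algorithm),
            )
        except InvalidSignature:
            return False, "bad signature on %s" % common_name(current)
        current, depth = issuer, depth + 1
    return False, "chain longer than %d" % MAX_CHAIN_LENGTH


def build_demo_pki():
    """Constructed test data: root -> leaf (CA:FALSE) -> forged, and root -> intermediate -> leaf2."""
    root_key, inter_key, leaf_key, leaf2_key, forged_key = (
        ec.generate_private_key(ec.SECP256R1()) for _ in range(5))
    root = make_cert("Demo Root CA", root_key, None, root_key, is_ca=True)
    inter = make_cert("Demo Intermediate CA", inter_key, root, root_key, is_ca=True)
    leaf = make_cert("www.example.test", leaf_key, root, root_key, is_ca=False)
    leaf2 = make_cert("mail.example.test", leaf2_key, inter, inter_key, is_ca=False)
    # A valid, correctly signed leaf "issuing" a certificate for another host:
    # a vulnerable OpenSSL could accept this chain; the CA-flag check rejects it.
    forged = make_cert("bank.example.test", forged_key, leaf, leaf_key, is_ca=False)
    return root, inter, leaf, leaf2, forged


if __name__ == "__main__":
    root, inter, leaf, leaf2, forged = build_demo_pki()
    for name, cert, extra in (("leaf", leaf, []), ("leaf2", leaf2, [inter]), ("forged", forged, [leaf])):
        print(name, verify_chain(cert, extra, [root]))
```

Note that the forged certificate carries a perfectly good signature from the leaf's key; the only thing that stops it is the issuer's missing CA:TRUE. A path builder that tries "alternative" issuers must re-run that flag check on every candidate chain, not only on the first one it builds.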
