OpenSSL DROWN vulnerability and related CVEs
Bug #1552662 reported by
Adam Heczko
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mirantis OpenStack |
Fix Released
|
High
|
Denis Puchkin | ||
5.1.x |
Won't Fix
|
High
|
Denis Puchkin | ||
6.0.x |
Won't Fix
|
High
|
Denis Puchkin | ||
6.1.x |
Fix Released
|
High
|
Denis Puchkin | ||
7.0.x |
Fix Released
|
High
|
Denis Puchkin | ||
8.0.x |
Fix Released
|
High
|
Denis Puchkin | ||
9.x |
Invalid
|
High
|
MOS Linux |
Bug Description
Problem description:
OpenSSL package shipped with MOS have multiple security vulnerabilities.
These packages are coming from upstream Linux distributions and we should provide information + mechanism how to apply patches from upstream.
Upstream information:
https:/
http://
http://
Solution proposal:
Proposal is described in this Google sheet:
https:/
Changed in mos: | |
assignee: | nobody → MOS Maintenance (mos-maintenance) |
tags: | added: feature-security |
information type: | Private Security → Public Security |
To post a comment you must log in.
Tarballs for CentOS-6, Ubuntu-12.04 with updated packages http:// 172.18. 10.67/drown/