Ticket #1181 (closed general: fixed)

Opened 3 years ago

Last modified 3 years ago

Fedora still vulnerable to BEAST

Reported by: sparks Owned by:
Priority: critical Keywords: security,meeting
Cc: emaldona, kaia, simo Blocked By:



It was recently reported that NSS was not protecting users against BEAST attacks (the fix was backed out). This is affecting every user of Fedora using SSL and TLSv1.0 in any connection that uses NSS.


The reason provided in the ticket was that it broke some programs (pidgin-sipe was the one example provided) when the fix was inserted.


It is recommended that the fix be reapplied to NSS in all versions of Fedora and that any program that breaks be patched to roll back the fix as per the instructions provided in the ticket.

Change History

comment:1 Changed 3 years ago by sgallagh

  • Keywords security,meeting added; security removed

comment:2 Changed 3 years ago by sgallagh

  • AGREED: Apply BEAST patches on F19 (+6,0,-0) and F20 (+7, 0, -0) (sgallagh, 19:48:09)
  • sparks to announce on fedora-devel (pjones, 19:48:20)

comment:3 Changed 3 years ago by kevin

  • Status changed from new to closed
  • Resolution set to fixed

AGREED: close ticket now that nss is rebuilt. Follow up with other related items on list.

Note: See TracTickets for help on using tickets.