Ticket #1181 (closed general: fixed)

Opened 23 months ago

Last modified 22 months ago

Fedora still vulnerable to BEAST

Reported by: sparks Owned by:
Priority: critical Keywords: security,meeting
Cc: emaldona, kaia, simo Blocked By:



It was recently reported that NSS was not protecting users against BEAST attacks (the fix was backed out). This is affecting every user of Fedora using SSL and TLSv1.0 in any connection that uses NSS.


The reason provided in the ticket was that it broke some programs (pidgin-sipe was the one example provided) when the fix was inserted.


It is recommended that the fix be reapplied to NSS in all versions of Fedora and that any program that breaks be patched to roll back the fix as per the instructions provided in the ticket.

Change History

comment:1 Changed 23 months ago by sgallagh

  • Keywords security,meeting added; security removed

comment:2 Changed 23 months ago by sgallagh

  • AGREED: Apply BEAST patches on F19 (+6,0,-0) and F20 (+7, 0, -0) (sgallagh, 19:48:09)
  • sparks to announce on fedora-devel (pjones, 19:48:20)

comment:3 Changed 22 months ago by kevin

  • Resolution set to fixed
  • Status changed from new to closed

AGREED: close ticket now that nss is rebuilt. Follow up with other related items on list.

Note: See TracTickets for help on using tickets.