Ticket #1181 (closed general: fixed)

Opened 6 months ago

Last modified 6 months ago

Fedora still vulnerable to BEAST

Reported by: sparks Owned by:
Priority: critical Keywords: security,meeting
Cc: emaldona, kaia, simo Blocked By:
Blocking:

Description

phenomenon

It was recently reported that NSS was not protecting users against BEAST attacks (the fix was backed out). This is affecting every user of Fedora using SSL and TLSv1.0 in any connection that uses NSS.

reason

The reason provided in the ticket was that it broke some programs (pidgin-sipe was the one example provided) when the fix was inserted.

recommendation

It is recommended that the fix be reapplied to NSS in all versions of Fedora and that any program that breaks be patched to roll back the fix as per the instructions provided in the ticket.

Change History

comment:1 Changed 6 months ago by sgallagh

  • Keywords security,meeting added; security removed

comment:2 Changed 6 months ago by sgallagh

  • AGREED: Apply BEAST patches on F19 (+6,0,-0) and F20 (+7, 0, -0) (sgallagh, 19:48:09)
  • sparks to announce on fedora-devel (pjones, 19:48:20)

comment:3 Changed 6 months ago by kevin

  • Resolution set to fixed
  • Status changed from new to closed

AGREED: close ticket now that nss is rebuilt. Follow up with other related items on list.

Note: See TracTickets for help on using tickets.