OpenSSL Alternative chains certificate forgery (CVE-2015-1793)

speckados

• July 10, 2015 04:45

Hi. Cpanel it's vulnerable to this exploit? Latest WHM/Cpanel Realese show this. openssl-devel-1.0.1e-30.el6.11.x86_64 openssl-1.0.1e-30.el6.11.x86_64 Thanks.

• 

  quizknows

  • July 10, 2015 17:03

  CentOS/Redhat not affected: "The OpenSSL project has published information about an important vulnerability (CVE-2015-1793) affecting openssl versions 1.0.1n, 1.0.1o, 1.0.2b, and 1.0.2c. These upstream versions have only been available for a month, and given Red Hat's policy of performing careful backports of important bug fixes and selected features, this functionality is not present in any version of OpenSSL shipped in any Red Hat product. No Red Hat products are affected by this flaw (CVE-2015-1793), so no actions need to be performed to fix or mitigate this issue in any way."

  0
• 

  cPanelMichael

  • August 06, 2015 13:56

  Hello :) To reiterate, for users expecting a staff response, the information provided by quizknows is accurate. CentOS/Redhat/CloudLinux are not affected by this flaw. Thank you.

  0

Please sign in to leave a comment.