OpenSSL Alternative chains certificate forgery (CVE-2015-1793)

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
CentOS/Redhat not affected:

"The OpenSSL project has published information about an important
vulnerability (CVE-2015-1793) affecting openssl versions 1.0.1n, 1.0.1o,
1.0.2b, and 1.0.2c. These upstream versions have only been available for
a month, and given Red Hat's policy of performing careful backports of
important bug fixes and selected features, this functionality is not
present in any version of OpenSSL shipped in any Red Hat product.

No Red Hat products are affected by this flaw (CVE-2015-1793), so no
actions need to be performed to fix or mitigate this issue in any way."

https://access.redhat.com/solutions/1523323
https://www.openssl.org/news/openssl-1.0.1-notes.html
https://www.openssl.org/news/openssl-1.0.2-notes.html
 

cPanelMichael

Administrator
Staff member
Apr 11, 2011
47,913
2,203
363
Hello :)

To reiterate, for users expecting a staff response, the information provided by quizknows is accurate. CentOS/Redhat/CloudLinux are not affected by this flaw.

Thank you.