The Community Forums

Interact with an entire community of cPanel & WHM users!

OpenSSL Alternative chains certificate forgery (CVE-2015-1793)

Discussion in 'Security' started by speckados, Jul 10, 2015.

  1. speckados

    speckados Well-Known Member

    Hi.

    Is cPanel vulnerable to this exploit?

    The latest WHM/cPanel release shows this:

    openssl-devel-1.0.1e-30.el6.11.x86_64
    openssl-1.0.1e-30.el6.11.x86_64

    Thanks.
     
  2. quizknows

    quizknows Well-Known Member

    CentOS/Red Hat not affected:

    "The OpenSSL project has published information about an important
    vulnerability (CVE-2015-1793) affecting openssl versions 1.0.1n, 1.0.1o,
    1.0.2b, and 1.0.2c. These upstream versions have only been available for
    a month, and given Red Hat's policy of performing careful backports of
    important bug fixes and selected features, this functionality is not
    present in any version of OpenSSL shipped in any Red Hat product.

    No Red Hat products are affected by this flaw (CVE-2015-1793), so no
    actions need to be performed to fix or mitigate this issue in any way."

    https://access.redhat.com/solutions/1523323
    https://www.openssl.org/news/openssl-1.0.1-notes.html
    https://www.openssl.org/news/openssl-1.0.2-notes.html
     
  3. cPanelMichael

    cPanelMichael Forums Analyst
    Staff Member

    Hello :)

    To reiterate, for users expecting a staff response, the information provided by quizknows is accurate. CentOS/Red Hat/CloudLinux are not affected by this flaw.

    Thank you.
     