
Are there any patches available to fix the POODLE CVE-2014-3566?

Thank you




I think patches are available for RHEL 6.6 and 7.0 (see https://access.redhat.com/errata/product/69/ver=/rhel---7/x86_64/RHSA-2014:1652 ).
I haven't tested it yet, but according to the description this patch corrects CVE-2014-3566.



Hi Arrey,

There are patches available for some of the components affected by the POODLE vulnerability (and these are linked from the article dedicated to this issue [1]), but the fact is that the range of components (and their versions in the various releases of Red Hat products) affected is very broad, and in specific cases [2], the solution is to disable SSLv3 altogether, instead of patching the component.

Please refer to the linked article [1], which contains information about dealing with the issue as well as a list of affected components and links to solutions for the individual components.

[1] POODLE: SSLv3 vulnerability (CVE-2014-3566)
[2] Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) for components that do not allow SSLv3 to be disabled via configuration settings