POODLE PATCHES

Comments 2

Are there any patches available to fix the POODLE CVE-2014-3566

Thank you

Arrey

Started 2014-10-20T14:07:19+00:00 by

aashu14

Pro 639 points

Responses

CL Newbie 10 points

20 October 2014 2:32 PM

Christophe LAFAILLE

Hi,

I think patches are available for RHEL 6.6 and 7.0 (see https://access.redhat.com/errata/product/69/ver=/rhel---7/x86_64/RHSA-2014:1652 ).
I haven't yet tested it but according to description this patch corrects CVE-2014-3566.

Regards.

Christophe

Red Hat Guru 3240 points

30 October 2014 7:34 PM

Robert Krátký

Hi Arrey,

There are patches available for some of the components affected by the POODLE vulnerability (and these are linked from the article dedicated to this issue [1]), but the fact is that the range of components (and their versions in the various releases of Red Hat products) affected is very broad, and in specific cases [2], the solution is to disable SSLv3 altogether, instead of patching the component.

Please, refer to the linked article [1], which contains information about dealing with the issue as well as a list of affected components and links to solutions for the individual components.

[1] POODLE: SSLv3 vulnerability (CVE-2014-3566)
[2] Resolution for POODLE SSLv3.0 vulnerability (CVE-2014-3566) for components that do not allow SSLv3 to be disabled via configuration settings

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.

Log in to Your Red Hat Account

Red Hat Account

Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

JBoss Development and Management

JBoss Integration and Automation

Mobile

Services

Tools

Red Hat Product Security Center

Security Updates

Resources

Customer Portal Community

Customer Events

Stories

Responses