Resolution for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in RHUI 2.0 and 2.1

Solution In Progress - Updated -

Issue

  • Resolution for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in Red Hat Update Infrastructure
  • How to avoid impact to RHUI from CVE-2014-3566?
  • This issue occurs because a part of RHUA uses SSL 3.0 when communicating with the CDN to fetch listing files.
  • The following error message appears in the /root/.rhui/rhui.log file upon such failure:
Unexpected error caught at the shell level
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 86, in safe_listen
    self.listen(clear=first_run)
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 112, in listen
    Shell.listen(self)
  File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen
    item.func(*args, **item.kwargs)
  File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 128, in add
    self.candidate_repo_manager.translate_entitlements()
  File "/usr/lib/python2.6/site-packages/rhui/tools/repo_candidates.py", line 72, in translate_entitlements
    mappings = self.cdn_api.expand_variables(e.download_url, cert.cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 71, in expand_variables
    mappings = self._translate_next_variable({'' : url}, cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 104, in _translate_next_variable
    substitutions = self._request_get(listing_url, cert_filename).split('\n')
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 156, in _request_get
    server = self._server(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 223, in _server
    server.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure
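
One way to check a copy of /root/.rhui/rhui.log for this specific failure, as an added example that is not part of the original article or of RHUI: it parses each traceback and flags those that pass through cdn_api.py and end in the SSLv3 handshake alert. It is written for Python 3 and assumes log lines appear unprefixed as shown above; the function names and the second sample traceback are constructed for illustration.

```python
import re

# Constructed sample log, abbreviated from the traceback shown above, plus one
# unrelated traceback (invented for contrast) that must not be flagged.
SAMPLE_LOG = '''Unexpected error caught at the shell level
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 156, in _request_get
    server = self._server(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 223, in _server
    server.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure
Unexpected error caught at the shell level
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 86, in safe_listen
    self.listen(clear=first_run)
KeyError: 'constructed-example'
'''

FRAME = re.compile(r'^\s+File "(?P<path>[^"]+)", line (?P<line>\d+), in (?P<func>\S+)')

def parse_tracebacks(text):
    """Yield (frames, final_exception_line) for each traceback in the log text."""
    frames, inside = [], False
    for line in text.splitlines():
        if line.startswith("Traceback (most recent call last):"):
            frames, inside = [], True
        elif inside:
            m = FRAME.match(line)
            if m:
                frames.append((m.group("path"), int(m.group("line")), m.group("func")))
            elif line.strip() and not line[0].isspace():
                # First unindented line after the frames is the exception itself.
                inside = False
                yield frames, line.strip()

def find_cdn_sslv3_failures(text):
    """Return tracebacks where the CDN client's SSL handshake was rejected."""
    hits = []
    for frames, exc in parse_tracebacks(text):
        via_cdn_api = any(p.endswith("rhui/tools/cdn_api.py") for p, _, _ in frames)
        if via_cdn_api and exc == "SSLError: sslv3 alert handshake failure":
            hits.append({"exception": exc, "origin": frames[-1], "depth": len(frames)})
    return hits

if __name__ == "__main__":
    for hit in find_cdn_sslv3_failures(SAMPLE_LOG):
        print(hit)
```

Requiring both the cdn_api.py frame and the exact alert text keeps unrelated SSL errors, and unrelated rhui-manager crashes, out of the result.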

Environment

  • Red Hat Update Infrastructure 2.0
  • Red Hat Update Infrastructure 2.1
  • rh-rhui-tools
