Resolution for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in RHUI 2.0 and 2.1

Solution In Progress - Updated -

Issue

  • Resolution for POODLE SSL 3.0 vulnerability (CVE-2014-3566) in Red Hat Update Infrastructure
  • How to avoid impact to RHUI from CVE-2014-3566?
  • This issue is seen because a part of RHUA uses SSL 3.0 when communicating to the CDN to fetch listing files.
  • The following error message appears in the /root/.rhui/rhui.log file upon such failure:
Unexpected error caught at the shell level
Traceback (most recent call last):
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 86, in safe_listen
    self.listen(clear=first_run)
  File "/usr/lib/python2.6/site-packages/rhui/tools/shell.py", line 112, in listen
    Shell.listen(self)
  File "/usr/lib/python2.6/site-packages/rhui/common/shell.py", line 186, in listen
    item.func(*args, **item.kwargs)
  File "/usr/lib/python2.6/site-packages/rhui/tools/screens/repo.py", line 128, in add
    self.candidate_repo_manager.translate_entitlements()
  File "/usr/lib/python2.6/site-packages/rhui/tools/repo_candidates.py", line 72, in translate_entitlements
    mappings = self.cdn_api.expand_variables(e.download_url, cert.cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 71, in expand_variables
    mappings = self._translate_next_variable({'' : url}, cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 104, in _translate_next_variable
    substitutions = self._request_get(listing_url, cert_filename).split('\n')
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 156, in _request_get
    server = self._server(cert_filename)
  File "/usr/lib/python2.6/site-packages/rhui/tools/cdn_api.py", line 223, in _server
    server.connect()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/httpslib.py", line 50, in connect
    self.sock.connect((self.host, self.port))
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 185, in connect
    ret = self.connect_ssl()
  File "/usr/lib64/python2.6/site-packages/M2Crypto/SSL/Connection.py", line 178, in connect_ssl
    return m2.ssl_connect(self.ssl, self._timeout)
SSLError: sslv3 alert handshake failure

Environment

  • Red Hat Update Infrastructure 2.0
  • Red Hat Update Infrastructure 2.1
  • rh-rhui-tools

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content