CVE-2019-1547

Support for security such as Firewalls and securing linux
victor.diaz69
Posts: 2
Joined: 2020/06/24 15:04:03

CVE-2019-1547

Post by victor.diaz69 » 2020/06/24 15:13:53

Hello folks,

It seems that CentOS 7 will not fix CVE-2019-1547, which causes my PCI scans to fail. Is building from source really the only solution for mitigating these sorts of issues? What do the CentOS experts suggest?

Thank you,

TrevorH
Forum Moderator
Posts: 29105
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: CVE-2019-1547

Post by TrevorH » 2020/06/24 16:23:05

Find someone with a RHEL support subscription that works for a company that gives RH lots of $$$ and get them to report it?
CentOS 6 will die in November 2020 - migrate sooner rather than later!
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 is dead, do not use it.
Full time Geek, part time moderator. Use the FAQ Luke

aks
Posts: 3008
Joined: 2014/09/20 11:22:14

Re: CVE-2019-1547

Post by aks » 2020/06/26 23:12:34

Restrict (whatever applications you are using) to use only named curves.
"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present."
https://nvd.nist.gov/vuln/detail/CVE-2019-1547

Problem worked around (and if your security tool is just "banner grabbing" rather than actually testing the system, get a better tester).
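
An added example, not part of the original post and not OpenSSL code: a standard-library Python check that tells a named curve from explicit EC parameters and reports whether an explicit group carries the optional cofactor the advisory text refers to. The function names are hypothetical, the field layout assumed is the RFC 5480 / SEC 1 `ECParameters` structure, and the sample encodings are constructed with toy numbers to exercise the structure only.

```python
def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at buf[pos]."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        if n == 0:
            raise ValueError("indefinite length is not valid DER")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(body):
    """Split a SEQUENCE body into a list of (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(body):
        tag, value, pos = read_tlv(body, pos)
        out.append((tag, value))
    return out

def classify_ec_params(der):
    """Classify ECParameters: named, implicit, or explicit with/without cofactor."""
    tag, value, _ = read_tlv(der)
    if tag == 0x06:  # OBJECT IDENTIFIER -> namedCurve
        return "named"
    if tag == 0x05:  # NULL -> implicitCurve
        return "implicit"
    if tag != 0x30:
        raise ValueError("not an ECParameters structure")
    # specifiedCurve: version, fieldID, curve, base, order [, cofactor] [, hash]
    fields = children(value)
    if len(fields) < 5:
        raise ValueError("specifiedCurve is missing mandatory fields")
    has_cofactor = len(fields) > 5 and fields[5][0] == 0x02  # INTEGER
    return "explicit-with-cofactor" if has_cofactor else "explicit-no-cofactor"

def tlv(tag, body):  # short-form DER encoder, used only to build the samples
    return bytes([tag, len(body)]) + body

# Constructed samples: the prime256v1 OID, and a toy explicit group (p = 23).
NAMED_P256 = bytes.fromhex("06082a8648ce3d030107")
_fields = (tlv(0x02, b"\x01")
           + tlv(0x30, bytes.fromhex("06072a8648ce3d0101") + tlv(0x02, b"\x17"))
           + tlv(0x30, tlv(0x04, b"\x01") + tlv(0x04, b"\x01"))
           + tlv(0x04, b"\x04\x03\x0a") + tlv(0x02, b"\x1c"))
EXPLICIT_NO_COFACTOR = tlv(0x30, _fields)
EXPLICIT_WITH_COFACTOR = tlv(0x30, _fields + tlv(0x02, b"\x01"))
```

The input is the DER body of an `EC PARAMETERS` PEM block, or the parameters field of an EC key's AlgorithmIdentifier; anything other than `named` is what the advice above would have applications reject.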

victor.diaz69
Posts: 2
Joined: 2020/06/24 15:04:03

Re: CVE-2019-1547

Post by victor.diaz69 » 2020/06/28 12:04:53

Thank you both for your replies. Great info aks. Nothing new that advisories already have but still it's well appreciated.

https://www.openssl.org/news/secadv/20190910.txt
