Posted: 2020/06/24 15:13:53
It seems that CentOS 7 will not fix CVE-2019-1547, which causes my PCI scans to fail. Is building from source really the only solution to mitigating these sorts of issues? What do the CentOS experts suggest?
Posted: 2020/06/24 16:23:05
Find someone with a RHEL support subscription that works for a company that gives RH lots of $$$ and get them to report it?
Posted: 2020/06/26 23:12:34
Restrict (whatever applications you are using) to use only named curves.
"Normally in OpenSSL EC groups always have a co-factor present and this is used in side channel resistant code paths. However, in some cases, it is possible to construct a group using explicit parameters (instead of using a named curve). In those cases it is possible that such a group does not have the cofactor present."
Problem worked around (and if your security tool is just "banner grabbing" rather than actually testing the system, get a better tester).
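Added example (not part of the thread and not written by any poster): a Python check that reports whether a DER-encoded EC SubjectPublicKeyInfo uses a named curve or explicit parameters and, in the explicit case, whether the cofactor is present, which is the condition the quoted advisory text describes. The function names are this example's own, and the sample keys are constructed filler bytes, not usable keys.

```python
# DER tags: 0x02 INTEGER, 0x03 BIT STRING, 0x04 OCTET STRING, 0x06 OID, 0x30 SEQUENCE
EC_PUBLIC_KEY = bytes.fromhex("2a8648ce3d0201")   # OID 1.2.840.10045.2.1
PRIME256V1 = bytes.fromhex("2a8648ce3d030107")    # OID 1.2.840.10045.3.1.7

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                              # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    """Split the contents of a SEQUENCE into (tag, value) pairs."""
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def classify_spki(der):
    """Classify the EC parameters of a DER SubjectPublicKeyInfo."""
    tag, spki, _ = read_tlv(der)
    if tag != 0x30:
        raise ValueError("not a SEQUENCE")
    alg = children(children(spki)[0][1])           # AlgorithmIdentifier fields
    if not alg or alg[0] != (0x06, EC_PUBLIC_KEY):
        return "not-ec"
    ptag, pval = alg[1] if len(alg) > 1 else (None, b"")
    if ptag != 0x30:
        return "named-curve" if ptag == 0x06 else "implicit-or-unknown"
    # Explicit parameters: version, fieldID, curve, base, order, [cofactor]
    fields = children(pval)
    has_cofactor = len(fields) > 5 and fields[5][0] == 0x02
    return "explicit-with-cofactor" if has_cofactor else "explicit-no-cofactor"

# Sample builders for constructed inputs (short lengths only, filler public point).
def tlv(tag, value):
    return bytes([tag, len(value)]) + value
def sample(params):
    return tlv(0x30, tlv(0x30, tlv(0x06, EC_PUBLIC_KEY) + params) + tlv(0x03, b"\x00\x04" + bytes(64)))
EXPLICIT = tlv(0x02, b"\x01") + tlv(0x30, b"") + tlv(0x30, b"") + tlv(0x04, b"\x04") + tlv(0x02, b"\x07")
NAMED = sample(tlv(0x06, PRIME256V1))
NO_COFACTOR = sample(tlv(0x30, EXPLICIT))
WITH_COFACTOR = sample(tlv(0x30, EXPLICIT + tlv(0x02, b"\x01")))
```

To audit a real key, pass `classify_spki` the bytes produced by `openssl pkey -in key.pem -pubout -outform DER`; anything other than `named-curve` for an EC key is worth a closer look.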
Posted: 2020/06/28 12:04:53
Thank you both for your replies. Great info aks. Nothing new that advisories already have but still it's well appreciated.