CVE-2021-3601 log
| Source |
|
| Severity | Low |
| Remote | Yes |
| Type | Insufficient validation |
| Description | OpenSSL 1.0.2 will accept a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA if it is present in the trusted bundle. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-2317 | lib32-openssl-1.0 | 1.0.2.u-1 | High | Unknown | ||
| AVG-1229 | openssl-1.0 | 1.0.2.u-1 | High | Unknown | FS#67858 |
| References |
|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1970201 https://github.com/openssl/openssl/issues/5236 |