CVE-2021-3601 log

Source
Severity Low
Remote Yes
Type Insufficient validation
Description
OpenSSL 1.0.2 will accept a certificate with explicitly set Basic Constraints to CA:FALSE as a valid CA if it is present in the trusted bundle.
Group Package Affected Fixed Severity Status Ticket
AVG-2317 lib32-openssl-1.0 1.0.2.u-1 High Vulnerable
AVG-1229 openssl-1.0 1.0.2.u-1 High Vulnerable FS#67858
References
https://bugzilla.redhat.com/show_bug.cgi?id=1970201
https://github.com/openssl/openssl/issues/5236