Bug #26119

puppet-certs uses md5 internally to check for difference between expected and actual certs (might break in FIPS)

Added by Ivan Necas 5 months ago. Updated 19 days ago.

Status: Closed
Priority: Normal
Assignee:
Category: Foreman modules
Target version:
Difficulty:
Triaged: No
Bugzilla link:
Team Backlog:
Found in Releases:

Description

There is 0 security implication of this issue and it doesn't break with puppet in FIPS either, as
by default, puppet is statically linked with their openssl distribution. We should however
not consciously use md5 and other non-FIPS compliant algorithms.

Associated revisions

Revision a401fee2 (diff)
Added by Ivan Necas 5 months ago

Fixes #26119 - don't use md5 for digesting

History

#1 Updated by The Foreman Bot 5 months ago

  • Status changed from New to Ready For Testing
  • Pull request https://github.com/theforeman/puppet-certs/pull/246 added

#2 Updated by Ewoud Kohl van Wijngaarden 5 months ago

  • Target version set to 1.22.0
  • Status changed from Ready For Testing to Closed
  • Fixed in Releases 1.22.0 added

#3 Updated by Ewoud Kohl van Wijngaarden 5 months ago

  • Fixed in Releases 1.20.3, 1.21.1 added

#4 Updated by Ewoud Kohl van Wijngaarden 19 days ago

  • Fixed in Releases deleted (1.20.3)

This was released as puppet-certs 4.4.3 but Katello 3.10 includes 4.4.2. There likely won't be a Katello 3.10.2 to include this.
