Bug 1061545 - (CVE-2017-1000097) VUL-0: CVE-2017-1000097: go: trust preferences for root certificates on Darwin were not honored
(CVE-2017-1000097)
VUL-0: CVE-2017-1000097: go: trust preferences for root certificates on Darwi...
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P5 - None : Normal
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/192820/
CVSSv2:RedHat:CVE-2017-1000097:2.6:(...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-10-04 08:09 UTC by Alexander Bergmann
Modified: 2017-10-04 13:19 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2017-10-04 08:09:15 UTC
CVE-2017-1000097

On Darwin, user's trust preferences for root certificates were not
honored. If the user had a root certificate loaded in their Keychain
that was explicitly not trusted, a Go program would still verify a
connection using that root certificate.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000097
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000097
Comment 1 Alexander Bergmann 2017-10-04 08:09:58 UTC
Affects only Darwin. Not relevant for SLE and openSUSE. Closing as invalid.