Poodle TLS vulnerability CVE-2014-8730
Environment
- Red Hat Enterprise Linux (RHEL) 7
- Red Hat Enterprise Linux (RHEL) 6
- Red Hat Enterprise Linux (RHEL) 5
- Red Hat Enterprise Linux (RHEL) 4
Issue
Recent media articles report that, in some cases, TLS is also affected by the POODLE flaw. Red Hat tracks this issue as CVE-2014-8730; see Bugzilla-CVE-2014-8730 TLS: incorrect check of padding bytes when using CBC cipher suites.
Resolution
Please understand that unlike the prior POODLE flaw, this is not the result of a protocol error but rather a bug in the NSS libraries. Current versions of Red Hat Enterprise Linux (RHEL) are NOT vulnerable as this NSS bug was previously resolved as of nss-3.12.8. Please ensure that all RHEL deployments are using NSS version nss-3.12.8 or later.
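One way to run that version check on a host, as an added example that is not part of the original Red Hat article: a POSIX shell script that compares every installed `nss` package version against 3.12.8 numerically, component by component, so that 3.12.10 is correctly treated as newer than 3.12.8. The function names, output format and `--audit` switch are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit installed NSS against the fixed version named above.
MIN_NSS="3.12.8"   # first fixed version, taken from the article

# ver_ge A B: succeed if dotted numeric version A >= B.
# Components are compared as integers, so 3.12.10 > 3.12.8.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=${x:-0}; y=${y:-0}      # missing component counts as 0
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# Reads one version per line on stdin (multilib hosts report several).
# Returns 0 if all are >= MIN_NSS, 1 if any is older, 2 on unusable input.
check_nss_versions() {
    rc=0; seen=0
    while IFS= read -r v; do
        [ -n "$v" ] || continue
        seen=1
        case $v in
            *[!0-9.]*) echo "UNKNOWN  $v"; return 2 ;;
        esac
        if ver_ge "$v" "$MIN_NSS"; then
            echo "OK       nss $v"
        else
            echo "OUTDATED nss $v (need >= $MIN_NSS)"; rc=1
        fi
    done
    [ "$seen" -eq 1 ] || return 2
    return "$rc"
}

# Query the RPM database for the nss package and check every installed copy.
audit_nss() {
    command -v rpm >/dev/null 2>&1 || { echo "rpm not found" >&2; return 2; }
    rpm -q --qf '%{VERSION}\n' nss | check_nss_versions
}

if [ "${1:-}" = "--audit" ]; then audit_nss; fi
```

Run the saved script with `--audit`; an exit status of 1 means at least one installed `nss` package predates 3.12.8, and 2 means the version could not be determined.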
It is also wise to ensure that all RHEL deployments are updated to the current supported versions of RHEL, which as of December 2014 are RHEL 5.11, 6.5 and 7.0. The Red Hat Security Blog also advises that TLS 1.2 is the current best option for secure communications; there are known concerns with TLS 1.0 and 1.1. TLS 1.2 is only supported in RHEL 6.5 and 7.0, or later versions.
Reference Links:
- CVE-2014-8730
- Bugzilla-CVE-2014-8730 TLS: incorrect check of padding bytes when using CBC cipher suites
- Disabling SSLv3 on the client and server
- Does the Apache webserver support TLS version 1.1 and 1.2?
- http://www.computerworld.com/article/2857113/the-poodle-flaw-returns-this-time-hitting-tls-security-protocol.html
- https://www.imperialviolet.org/2014/12/08/poodleagain.html