Bug 1105713 (CVE-2014-3251)
Summary: | CVE-2014-3251 mcollective: aes_security.rb file creation vulnerability | ||||||
---|---|---|---|---|---|---|---|
Product: | [Other] Security Response | Reporter: | Kurt Seifried <kseifried> | ||||
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
Status: | CLOSED WONTFIX | QA Contact: | |||||
Severity: | medium | Docs Contact: | |||||
Priority: | medium | ||||||
Version: | unspecified | CC: | bleanhar, ccoleman, dmcphers, jdetiber, jialiu, jkeck, jokerman, jrusnack, kseifried, lmeyer, mmccomas, mmcgrath, security-response-team, sparks | ||||
Target Milestone: | --- | Keywords: | Security | ||||
Target Release: | --- | ||||||
Hardware: | All | ||||||
OS: | Linux | ||||||
Whiteboard: | |||||||
Fixed In Version: | Doc Type: | Bug Fix | |||||
Doc Text: | Story Points: | --- | |||||
Clone Of: | Environment: | ||||||
Last Closed: | 2014-11-08 04:40:14 UTC | Type: | --- | ||||
Regression: | --- | Mount Type: | --- | ||||
Documentation: | --- | CRM: | |||||
Verified Versions: | Category: | --- | |||||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
Cloudforms Team: | --- | Target Upstream Version: | |||||
Embargoed: | |||||||
Bug Depends On: | 1118889, 1161821, 1161822, 1161823, 1161824 | ||||||
Bug Blocks: | 1105714 | ||||||
Attachments: |
|
Description
Kurt Seifried
2014-06-06 19:16:52 UTC
A planned disclosure date, Tuesday, July 15, 2014, at 14:30 UTC has been set, please note that this may change. Created attachment 916998 [details]
mcollective-2.5.2-flaw-in-aes_security.patch
Statement: Red Hat OpenShift Enterprise 2 is now in Production 1 Phase of the support and maintenance life cycle. This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat OpenShift Enterprise 2 Life Cycle: https://access.redhat.com/support/policy/updates/openshift. Created mcollective tracking bugs for this issue: Affects: epel-5 [bug 1161821] Created mcollective tracking bugs for this issue: Affects: epel-6 [bug 1161822] Created mcollective tracking bugs for this issue: Affects: epel-7 [bug 1161823] Created mcollective tracking bugs for this issue: Affects: fedora-all [bug 1161824] Is it appropriate to go ahead and close the tracking bugs on this ticket? It's wontfix for Red Hat, Fedora/EPEL may choose to rebase so we leave the trackers open for them. |