Bug 1726565 (CVE-2019-13178)
| Summary: | CVE-2019-13178 calamares: race condition in modules/luksbootkeyfile/main.py | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Dhananjay Arunesh <darunesh> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED UPSTREAM | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | damianatorrpm, kevin, mattia.verga, me, teward |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2019-07-12 13:08:16 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1726566 | ||
| Bug Blocks: | |||
|
Description
Dhananjay Arunesh
2019-07-03 07:56:21 UTC
Created calamares tracking bugs for this issue: Affects: fedora-all [bug 1726566] I will prepare an update when upstream releases a release with the fix, which should happen this week. Please note that the upstream version numbers in both CVEs are incorrect, all versions of Calamares up to and including 3.2.10 are affected. Please note that MITRE has updated the CVEs to reflect proper affected versions, and Calamares upstream has released a fix in version 3.2.11 Right. I have already queued Calamares 3.2.11 updates for Fedora 29 and 30 (and built it for Rawhide, too, of course), see bug #1726566. ARRAY(0x55ab81bfe1d8) |