Bug 801347 (CVE-2012-1105)
Summary: | CVE-2012-1105 php-pear-CAS: Debug log and proxy configuration session data stored in /tmp without proper protection | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED CURRENTRELEASE | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | fedora, gwync, jrusnack |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-03-26 21:19:14 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 801349, 801350 | ||
Bug Blocks: |
Description
Jan Lieskovsky
2012-03-08 10:42:26 UTC
This issue affects the versions of the php-pear-CAS package, as shipped with Fedora release of 15 and 16. Please schedule an update. -- This issue affects the versions of the php-pear-CAS package, as shipped with Fedora EPEL 5 and Fedora EPEL 6. Please schedule an update. Created php-pear-CAS tracking bugs for this issue Affects: fedora-all [bug 801349] Affects: epel-all [bug 801350] Also, the versions of the glpi package, as shipped with Fedora release of 15, 16, Fedora EPEL 5 and EPEL 6 use system version of php-pear-CAS library: * Thu May 20 2010 Remi Collet <Fedora> - 0.72.4-3.svn11497 - use system phpCAS instead of bundled copy - minor bug fixes from SVN and thus are not affected by this issue once the deficiency in php-pear-CAS package has got addressed. The versions of the moodle package, as shipped with Fedora release of 15, 16, Fedora EPEL 5 and EPEL 6 are also using system version of the php-pear-CAS package: EPEL-5 case: * Fri Aug 20 2010 Jon Ciesla <limb> - 1.8.13-2 - Switch to system php-pear-CAS, BZ 577467, 620772. F-16 case: * Thu Aug 19 2010 Jon Ciesla <limb> - 1.9.9-2 - Switch to system php-pear-CAS, BZ 577467, 620772. - Patching htmlpurifier, BZ 624754. and as such are not vulnerable to this issue, once this flaw has been corrected in php-pear-CAS package. php-pear-CAS-1.3.0-2.fc15 has been pushed to the Fedora 15 stable repository. If problems still persist, please make note of it in this bug report. php-pear-CAS-1.3.0-2.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. php-pear-CAS-1.3.0-2.el5 has been pushed to the Fedora EPEL 5 stable repository. If problems still persist, please make note of it in this bug report. php-pear-CAS-1.3.0-2.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report. php-pear-CAS-1.3.0-2.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report. |