Bug 908463 (CVE-2013-0264)
| Field | Value |
|---|---|
| Summary | CVE-2013-0264 cumin: server certificate validation is always disabled when connecting to Aviary servers |
| Product | [Other] Security Response |
| Component | vulnerability |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Status | CLOSED NOTABUG |
| Severity | medium |
| Priority | medium |
| Reporter | Vincent Danen <vdanen> |
| Assignee | Red Hat Product Security <security-response-team> |
| CC | croberts, jrusnack, matt, security-response-team, sgraf, tmckay |
| Keywords | Security |
| Doc Type | Bug Fix |
| Last Closed | 2019-06-10 11:00:03 UTC |
| Bug Depends On | 908051, 908505 |

Description
Vincent Danen
2013-02-06 18:39:23 UTC
Proposed patch: Index: sage/python/sage/aviary/clients.py =================================================================== --- sage/python/sage/aviary/clients.py (revision 5672) +++ sage/python/sage/aviary/clients.py (working copy) @@ -1,4 +1,6 @@ import os +import sage + from suds.client import Client from sage.util import ObjectPool from suds.transport.https import HttpAuthenticated @@ -7,10 +9,16 @@ try: from sage.https_full import HTTPSFullCertTransport has_full_cert = True - technology = sage.https_full.technology except: has_full_cert = False +technology = "unspecified" +if has_full_cert: + try: + technology = sage.https_full.technology + except: + pass + class TransportFactory(object): def __init__(self, key="", cert="", root_cert="", domain_verify=True): self.key = key @@ -31,7 +39,7 @@ else: log.info("%s: using client and server "\ "certificate validation for ssl connections, "\ - "solution is %s" % (where, clients.technology)) + "solution is %s" % (where, technology)) log.info("%s: verify server domain against "\ "certificate during validation (%s)" \ Created cumin tracking bugs for this issue Affects: fedora-all [bug 908505] Patch has been committed on the cumin trunk, revision 5700 |
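Review bot: In the first hunk (@@ -1,4 +1,6 @@), `import sage` sits between `import os` and the `suds` import, apart from the other `sage` imports, and nothing explains why it is needed. Move it next to `from sage.util import ObjectPool` and add a comment saying it exists so that `sage.https_full.technology` resolves. No other visible line uses the bare `sage` name, so a later cleanup could drop it as unused and bring back the failing lookup.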
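Review bot: In the second hunk (@@ -7,10 +9,16 @@), the bare `except:` around `from sage.https_full import HTTPSFullCertTransport` is kept, so any exception raised in that block, not only a missing module, still sets `has_full_cert = False` without a log entry. The removed line `technology = sage.https_full.technology` sat inside that same block, and judging by the first hunk `sage` was not imported before this patch, so its failure was swallowed in exactly this way. Narrow the handler to `except ImportError:` and log at warning level when the fallback is taken, so that a loss of full certificate validation shows up in the logs. The new inner `try: ... except: pass` can be replaced by `technology = getattr(sage.https_full, "technology", "unspecified")`, which handles the missing attribute without hiding other errors.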