Bug 149253 - cfengine rsa heap remote exploit
cfengine rsa heap remote exploit
Status: CLOSED CURRENTRELEASE
Product: Fedora
Classification: Fedora
Component: cfengine (Show other bugs)
3
All Linux
medium Severity medium
: ---
: ---
Assigned To: Jeff Sheltren
Fedora Extras Quality Assurance
: Security
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2005-02-21 12:50 EST by Ville Skyttä
Modified: 2007-11-30 17:11 EST (History)
0 users

See Also:
Fixed In Version: 2.1.8
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2005-03-25 11:22:27 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Ville Skyttä 2005-02-21 12:50:46 EST
Dunno if this is present in the cfengine package currently in extras, but
probably worth checking out:

http://www.securityfocus.com/archive/1/390947/2005-02-18/2005-02-24/1

(I'm not a cfengine user, just happened to notice this message on Bugtraq.)
Comment 1 Juha Ylitalo 2005-02-21 13:43:54 EST
At least the code in given URL would seem to indicate that its targeted against
2.1.7p1 and FC3 extras has 2.1.9p2. Also here is what Mark Burgess (author of
cfengine) has written in their mailing list
(http://lists.gnu.org/archive/html/help-cfengine/2005-02/msg00115.html)
[begin quote]
This is not enough information to go on. Where does this come from and
when did it appear? It appears to be old. (2.1.7). In that case it
refers to a bug that was patched in 2.1.8.  More information please.
[end quote]
Comment 2 Michael Schwendt 2005-02-23 12:46:44 EST
So are you still maintaining cfengine?
Comment 3 Juha Ylitalo 2005-02-23 14:57:57 EST
I am not currently using cfengine anywhere in real life and don't seem to have
lot of freetime, so if someone has interest to take it as his/her responsible, I
don't have any objections against it.
Reason, why I checked this case was mostly for professional curiosity and I know
couple people, who are using cfengine on their environments.
Comment 4 Jeff Sheltren 2005-03-25 11:22:27 EST
Fixed in 2.1.8.

Currently extras is providing 2.1.13, so this shouldn't be an issue.

Note You need to log in before you can comment on or make changes to this bug.