CVE-2017-7687: When handling a decoding failure for a malformed URL path of an HTTP request, libprocess might crash because the code accidentally calls inappropriate function. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. http://seclists.org/oss-sec/2017/q3/540 CVE-2017-9790: When handling a libprocess message wrapped in an HTTP request, libprocess crashes if the request path is empty, because the parser assumes the request path always starts with '/'. A malicious actor can therefore cause a denial of service of Mesos masters rendering the Mesos-controlled cluster inoperable. http://seclists.org/oss-sec/2017/q3/539
Created mesos tracking bugs for this issue: Affects: fedora-all [bug 1496358]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.