Check_MK before 1.2.8p26 mishandles certain errors within the failed-login save feature because of a race condition, which allows remote attackers to obtain sensitive user information by reading a GUI crash report. External References: https://mathias-kettner.de/check_mk_werks.php?werk_id=5208
Created check-mk tracking bugs for this issue: Affects: epel-all [bug 1497972] Affects: fedora-all [bug 1497973]
Upstream Fix: http://git.mathias-kettner.de/git/?p=check_mk.git;a=patch;h=a4a2cc1f30ff6032899ca80eed29fa26b8898c54
Statement: Red Hat Gluster Storage 3 is not affected because affected code is not shipped in the product. Affected code is present in check-mk-multisite rpm which is not shipped in this product.