Bug 1110338 (CVE-2014-4168) - CVE-2014-4168 iodine: authentication bypass vulnerability
Summary: CVE-2014-4168 iodine: authentication bypass vulnerability
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-4168
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 1110179 1110182 (view as bug list)
Depends On: 1110339 1110340 1110341 1110342
Blocks: 1110179 1110345
TreeView+ depends on / blocked
 
Reported: 2014-06-17 13:10 UTC by Vasyl Kaigorodov
Modified: 2021-10-20 10:44 UTC (History)
3 users (show)

Fixed In Version: iodine 0.7.0
Clone Of:
Environment:
Last Closed: 2021-10-20 10:44:53 UTC
Embargoed:

Attachments (Terms of Use)

Description Vasyl Kaigorodov 2014-06-17 13:10:16 UTC 
iodine 0.7.0 has just been released, which fixes an authentication bypass
issue discovered by Oscar Reparaz. Upstream fix is here:

https://github.com/yarrick/iodine/commit/b715be5cf3978fbe589b03b09c9398d0d791f850

and the new release is available at the package homepage:
http://code.kryo.se/iodine/
Comment 1 Vasyl Kaigorodov 2014-06-17 13:11:22 UTC 
Created iodine tracking bugs for this issue:

Affects: fedora-all [bug 1110339]
Affects: epel-5 [bug 1110340]
Affects: epel-6 [bug 1110341]
Affects: epel-7 [bug 1110342]
Comment 2 Murray McAllister 2014-06-18 04:56:00 UTC 
MITRE assigned CVE-2014-4168 to this issue:

http://seclists.org/oss-sec/2014/q2/562
Comment 3 Murray McAllister 2014-06-18 04:57:05 UTC 
*** Bug 1110179 has been marked as a duplicate of this bug. ***
Comment 4 Murray McAllister 2014-06-18 05:00:47 UTC 
*** Bug 1110182 has been marked as a duplicate of this bug. ***
Comment 5 Fedora Update System 2014-08-16 22:31:59 UTC 
iodine-0.7.0-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 6 Fedora Update System 2014-08-16 22:32:29 UTC 
iodine-0.7.0-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 7 Fedora Update System 2014-08-23 16:56:18 UTC 
iodine-0.7.0-1.el5 has been pushed to the Fedora EPEL 5 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 8 Fedora Update System 2014-08-23 16:56:32 UTC 
iodine-0.7.0-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Note You need to log in before you can comment on or make changes to this bug.