Date: Tue, 10 Jun 2014 00:06:02 -0400 (EDT) From: David Jorm <djorm@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: CVE-2014-0085 / Zookeeper > Hi, > could some from Red Hat please clarify on > https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085 ? > > Does this affect stock releases from http://zookeeper.apache.org/ or is this > CVE for a combination > of Zookeeper and Red Hat JBoss A-MQ ? > > Cheers, > Moritz > Hi Moritz. My apologies for the delayed reply. This flaw only affects Apache Zookeeper used in conjunction with Fuse Fabric. I have added more details here: https://bugzilla.redhat.com/show_bug.cgi?id=1067265#c7 Zookeeper seems to log all keys, which may lead to other similar flaws. Thanks -- David Jorm / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ