Date: Fri, 06 Mar 2015 20:54:47 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: Another Python app (rhn-setup: rhnreg_ks) not
 checking hostnames in certs properly CVE-2015-1777

On 06/03/15 06:08 AM, John Haxby wrote:
> On 06/03/15 01:02, Kurt Seifried wrote:
>> Please contact your TAM/GSS with this request, it carries a lot
>> more impact if customers want something that we also want.
> 
> 
> I know "me too" isn't helpful, but I'm going to say "me too" anyway.
>
> It occurred to me that we could have a patch that has a global switch
> (eg a file in, say, /etc/sysconfig and a corresponding switch for
> individual applications) that switches on the correct behaviour.   I
> know it's a bit of a mess, but that way people who don't care will
> continue in blissful ignorance and people that do care can do
> something about it.

That would be one way. But why can't Oracle build it and open source it?
Oracle has a Linux distribution too I thought? Or do you need Red Hat
engineering to do it first? If so as I said, customer cases carry far
more weight than oss-security for feature requests.

> jch


-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

