Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Wed, 13 Jul 2016 13:57:36 -0400 (EDT)
From: cve-assign@...re.org
To: misc@...b.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/openshift/origin/issues/3951

>> https://github.com/openshift/origin/issues/3951#issuecomment-126726391

>> the root cause is storing the cert/key as envvars in the pod, which is what needs to stop.

Use CVE-2015-8945.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXhoC1AAoJEHb/MwWLVhi25jYP/A8sFCUCZLYD7GOYjUi3NIEP
KiPk/F0SQjzbtwLAHdZHD+X3XYp2z70f0ZESEXv9sO2ltH0lviuxrZQxODU0WM3R
ZKvq51ooXyxsD1k2Df/EwNW4ll69f388ulg2mZnsuR4mkzspJPQfiGQjP3Ant8jT
o9/uNEnw7AQmTPDLDgyAykZxJgdaGs2Mof2MO5vvP9XwdDJAJJTITfOK+bZmxD0t
wJR11mQvtRr5nyefj+0zaoJG0mZBkC6P5ZMxIWNzubOnUQLlMf8EfWcarVLUknNp
yS0SLF1dCgjfPWfrx2csMiJpxCsrZvwcMWIlwWhjSRDuNgq7+0tsRvKcHDObjNri
qtIJyq/85bXiAbrRInQDl402okH7T+SzoKhIldna2bxD710SRpgV/LIfy+yiAPgY
JZUSWSRNhIsA0ms7TtV8aYudc7WP6Ur6d8hAZ+M+DMdwSy6ZJrCjDtSFVVUsNhB3
mTN4dtpIdqKuTJTwfGioTkCNtMvr4wTbny+Ss0+yXqTu2n4Os73UZKtcj6v9bWty
6v03/VTIA7VIzoqcB03SX++qCCYR1e5U3Z3jWCP+0Hfemaph+s59NxbyX8on4JyM
tYVBT0RSzxP7Wl50Eu05hyYVjhRyH2sdxTzwyF8zvDOGoloS8XL1WmNB3zu1v6D2
sQpXbT9+W/HTOZMO1DPA
=8aCU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.