Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 13 Jul 2016 13:57:36 -0400 (EDT)
From: cve-assign@...re.org
To: misc@...b.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: openshift-node is logging private RSA keys to the systemd journal

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/openshift/origin/issues/3951

>> https://github.com/openshift/origin/issues/3951#issuecomment-126726391

>> the root cause is storing the cert/key as envvars in the pod, which is what needs to stop.

Use CVE-2015-8945.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXhoC1AAoJEHb/MwWLVhi25jYP/A8sFCUCZLYD7GOYjUi3NIEP
KiPk/F0SQjzbtwLAHdZHD+X3XYp2z70f0ZESEXv9sO2ltH0lviuxrZQxODU0WM3R
ZKvq51ooXyxsD1k2Df/EwNW4ll69f388ulg2mZnsuR4mkzspJPQfiGQjP3Ant8jT
o9/uNEnw7AQmTPDLDgyAykZxJgdaGs2Mof2MO5vvP9XwdDJAJJTITfOK+bZmxD0t
wJR11mQvtRr5nyefj+0zaoJG0mZBkC6P5ZMxIWNzubOnUQLlMf8EfWcarVLUknNp
yS0SLF1dCgjfPWfrx2csMiJpxCsrZvwcMWIlwWhjSRDuNgq7+0tsRvKcHDObjNri
qtIJyq/85bXiAbrRInQDl402okH7T+SzoKhIldna2bxD710SRpgV/LIfy+yiAPgY
JZUSWSRNhIsA0ms7TtV8aYudc7WP6Ur6d8hAZ+M+DMdwSy6ZJrCjDtSFVVUsNhB3
mTN4dtpIdqKuTJTwfGioTkCNtMvr4wTbny+Ss0+yXqTu2n4Os73UZKtcj6v9bWty
6v03/VTIA7VIzoqcB03SX++qCCYR1e5U3Z3jWCP+0Hfemaph+s59NxbyX8on4JyM
tYVBT0RSzxP7Wl50Eu05hyYVjhRyH2sdxTzwyF8zvDOGoloS8XL1WmNB3zu1v6D2
sQpXbT9+W/HTOZMO1DPA
=8aCU
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.