Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 24 Jan 2018 16:38:18 +1030
From: Doran Moppert <dmoppert@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2018-1000018: ovirt-engine-setup: root password disclosed in
 provisioning logs

Distributions of ovirt using hosted-engine-setup should check if their
configuration is affected by this issue, as the default log file
permissions were 0755 and the root password was not correctly filtered.

https://gerrit.ovirt.org/#/c/86635/
https://gerrit.ovirt.org/#/c/62679/

https://bugzilla.redhat.com/show_bug.cgi?id=1537904


-- 
Doran Moppert
Red Hat Product Security

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.