Date: Wed, 24 Jan 2018 16:38:18 +1030 From: Doran Moppert <dmoppert@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs Distributions of ovirt using hosted-engine-setup should check if their configuration is affected by this issue, as the default log file permissions were 0755 and the root password was not correctly filtered. https://gerrit.ovirt.org/#/c/86635/ https://gerrit.ovirt.org/#/c/62679/ https://bugzilla.redhat.com/show_bug.cgi?id=1537904 -- Doran Moppert Red Hat Product Security Content of type "application/pgp-signature" skipped
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.