'[oss-security] CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2018-1000018: ovirt-engine-setup: root password disclosed in provisioning logs
From:       Doran Moppert <dmoppert () redhat ! com>
Date:       2018-01-24 6:20:18
Message-ID: 20180124060817.GE19133 () sin ! redhat ! com
[Download RAW message or body]

Distributions of ovirt using hosted-engine-setup should check if their
configuration is affected by this issue, as the default log file
permissions were 0755 and the root password was not correctly filtered.

https://gerrit.ovirt.org/#/c/86635/
https://gerrit.ovirt.org/#/c/62679/

https://bugzilla.redhat.com/show_bug.cgi?id=1537904

-- 
Doran Moppert
Red Hat Product Security

[Attachment #3 (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic