[Bug 1206714] New: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [epel-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1206714
Bug ID: 1206714
Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to
Poodle in its TLS-1.0 implementation [epel-all]
Product: Fedora EPEL
Version: el6
Component: erlang
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: rjones(a)redhat.com
Reporter: fleite(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, gemi(a)bluewin.ch,
rjones(a)redhat.com, s(a)shk.io
Blocks: 1206712 (CVE-2015-2774)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora EPEL. While
only one tracking bug has been filed, please correct all affected versions
at the same time. If you need to fix the versions independent of each
other, you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
[Bug 1206712] CVE-2015-2774 Erlang/OTP is vulnerable to Poodle in its
TLS-1.0 implementation
--
You are receiving this mail because:
You are on the CC list for the bug.
[Bug 1206713] New: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to Poodle in its TLS-1.0 implementation [fedora-all]
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1206713
Bug ID: 1206713
Summary: CVE-2015-2774 erlang: Erlang/OTP is vulnerable to
Poodle in its TLS-1.0 implementation [fedora-all]
Product: Fedora
Version: 21
Component: erlang
Keywords: Security, SecurityTracking
Severity: high
Priority: high
Assignee: lemenkov(a)gmail.com
Reporter: fleite(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, lemenkov(a)gmail.com,
rhbugs(a)n-dimensional.de, s(a)shk.io
Blocks: 1206712 (CVE-2015-2774)
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported versions of Fedora. While only
one tracking bug has been filed, please correct all affected versions at
the same time. If you need to fix the versions independent of each other,
you may clone this bug as appropriate.
[bug automatically created by: add-tracking-bugs]
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1206712
[Bug 1206712] CVE-2015-2774 Erlang/OTP is vulnerable to Poodle in its
TLS-1.0 implementation
[Bug 1084850] XMPP resource consumption denial of service when using application-layer compression (XEP-0138)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1084850
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: impact=moderate,public=20140404,reported=20140404,source=fulldisclosure,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/jabberd=affected,epel-all/jabberd=affected,rhn_satellite_5.3/jabberd=notaffected,rhn_satellite_5.4/jabberd=notaffected,rhn_satellite_5.5/jabberd=notaffected,rhn_satellite_5.6/jabberd=notaffected,rhn_proxy_5.3/jabberd=notaffected,rhn_proxy_5.4/jabberd=notaffected,rhn_proxy_5.5/jabberd=notaffected,rhn_proxy_5.6/jabberd=notaffected,fedora-all/ejabberd=affected,epel-all/ejabberd=affected,cwe=CWE-770
Added: impact=moderate,public=20140404,reported=20140404,source=full-disclosure,cvss2=5.0/AV:N/AC:L/Au:N/C:N/I:N/A:P,fedora-all/jabberd=affected,epel-all/jabberd=affected,rhn_satellite_5.3/jabberd=notaffected,rhn_satellite_5.4/jabberd=notaffected,rhn_satellite_5.5/jabberd=notaffected,rhn_satellite_5.6/jabberd=notaffected,rhn_proxy_5.3/jabberd=notaffected,rhn_proxy_5.4/jabberd=notaffected,rhn_proxy_5.5/jabberd=notaffected,rhn_proxy_5.6/jabberd=notaffected,fedora-all/ejabberd=affected,epel-all/ejabberd=affected,cwe=CWE-770
[Bug 1059331] CVE-2014-1693 erlang-inets: command injection flaw in FTP module
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1059331
Ján Rusnačko <jrusnack(a)redhat.com> changed:
What: Whiteboard
Removed: impact=moderate,public=20140128,reported=20140129,source=oss-sec,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,fedora-all/erlang=affected,epel-all/erlang=affected,cwe=CWE-78
Added: impact=moderate,public=20140128,reported=20140129,source=oss-security,cvss2=4/AV:N/AC:H/Au:N/C:P/I:P/A:N,fedora-all/erlang=affected,epel-all/erlang=affected,cwe=CWE-78
[Bug 1144100] New: rabbitmq restarts fail randomly
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1144100
Bug ID: 1144100
Summary: rabbitmq restarts fail randomly
Product: Fedora EPEL
Version: epel7
Component: rabbitmq-server
Assignee: lemenkov(a)gmail.com
Reporter: bnemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: bnemec(a)redhat.com, erlang(a)lists.fedoraproject.org,
extras-qa(a)fedoraproject.org,
hubert.plociniczak(a)gmail.com, imcleod(a)redhat.com,
jeckersb(a)redhat.com, josh(a)fornwall.com,
lemenkov(a)gmail.com, lnie(a)redhat.com,
ohadlevy(a)redhat.com, rjones(a)redhat.com, s(a)shk.io
Depends On: 1059028
+++ This bug was initially created as a clone of Bug #1059028 +++
This still appears to be a problem in the EPEL version of rabbitmq-server.
Description of problem:
I originally encountered this issue when installing OpenStack via devstack but
have since been able to reproduce it by simply executing commands inside of a
fresh F20 install.
Version-Release number of selected component (if applicable):
rabbitmq-server-3.1.5-1.fc20.noarch
How reproducible:
Occurs regularly but not 100% of the time
Steps to Reproduce:
/sbin/service rabbitmq-server stop
/sbin/service rabbitmq-server start
rabbitmqctl change_password guest newpassword
Actual results:
About half the time, on a freshly installed F20, this will fail, claiming the
node cannot be contacted. A typical error message:
[root@cob-dell5 ~]# rabbitmqctl change_password guest ozrootpw
Changing password for user "guest" ...
Error: unable to connect to node 'rabbit@cob-dell5': nodedown
DIAGNOSTICS
===========
nodes in question: ['rabbit@cob-dell5']
hosts, their running nodes and ports:
- cob-dell5: [{rabbitmqctl2648,48609}]
current node details:
- node name: 'rabbitmqctl2648@cob-dell5'
- home dir: /var/lib/rabbitmq
- cookie hash: 8DNoVu56TqDYWypW7YXDJw==
Expected results:
Changing password for user "guest" ...
...done.
--- Additional comment from Ian McLeod on 2014-01-28 21:36:45 EST ---
See the following thread on rdo-list for another example of this issue:
https://www.redhat.com/archives/rdo-list/2013-December/msg00058.html
As well as this more recent one, indicating that the problem persists:
https://www.redhat.com/archives/rdo-list/2014-January/msg00164.html
--- Additional comment from Ian McLeod on 2014-02-27 17:51:21 EST ---
Note to anyone following. The devstack installer has a commit that attempts to
work around this issue by retrying the rabbitmq restart:
https://github.com/openstack-dev/devstack/commit/f6c001faf6ac5728e07c6bbd...
Still, it would be nice to sort this out on the rabbitmq side eventually.
--- Additional comment from Fedora Admin XMLRPC Client on 2014-07-01 13:58:36
EDT ---
This package has changed ownership in the Fedora Package Database. Reassigning
to the new owner of this component.
--- Additional comment from Fedora Update System on 2014-08-10 04:14:16 EDT ---
rabbitmq-server-3.1.5-9.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/rabbitmq-server-3.1.5-9.fc20
--- Additional comment from lnie on 2014-08-11 03:00:36 EDT ---
rabbitmq-server-3.1.5-9.fc20 works
--- Additional comment from Fedora Update System on 2014-08-14 22:35:38 EDT ---
Package rabbitmq-server-3.1.5-9.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing rabbitmq-server-3.1.5-9.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-9337/rabbitmq-server-...
then log in and leave karma (feedback).
--- Additional comment from Fedora Update System on 2014-08-15 20:28:02 EDT ---
rabbitmq-server-3.1.5-9.fc20 has been pushed to the Fedora 20 stable
repository. If problems still persist, please make note of it in this bug
report.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1059028
[Bug 1059028] rabbitmq restarts fail randomly