[Bug 1448336] New: CVE-2017-4967 rabbitmq: XSS vulnerability in management UI
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1448336
Bug ID: 1448336
Summary: CVE-2017-4967 rabbitmq: XSS vulnerability in
management UI
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: aortega(a)redhat.com, apevec(a)redhat.com,
ayoung(a)redhat.com, chrisw(a)redhat.com,
cvsbot-xmlrpc(a)redhat.com,
erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
jjoyce(a)redhat.com, josh(a)fornwall.com,
jschluet(a)redhat.com, kbasil(a)redhat.com,
lemenkov(a)gmail.com, lhh(a)redhat.com, lpeer(a)redhat.com,
markmc(a)redhat.com, plemenko(a)redhat.com,
rbryant(a)redhat.com, rjones(a)redhat.com,
sclewis(a)redhat.com, sisharma(a)redhat.com,
srevivo(a)redhat.com, s(a)shk.io, tdecacqu(a)redhat.com
A cross-site scripting vulnerability was found in the management UI of
RabbitMQ.
External References:
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9
--
You are receiving this mail because:
You are on the CC list for the bug.
5 years, 6 months
[Bug 1448335] New: CVE-2017-4965 rabbitmq: XSS vulnerability in management UI
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1448335
Bug ID: 1448335
Summary: CVE-2017-4965 rabbitmq: XSS vulnerability in
management UI
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: anemec(a)redhat.com
CC: aortega(a)redhat.com, apevec(a)redhat.com,
ayoung(a)redhat.com, chrisw(a)redhat.com,
cvsbot-xmlrpc(a)redhat.com,
erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
jjoyce(a)redhat.com, josh(a)fornwall.com,
jschluet(a)redhat.com, kbasil(a)redhat.com,
lemenkov(a)gmail.com, lhh(a)redhat.com, lpeer(a)redhat.com,
markmc(a)redhat.com, plemenko(a)redhat.com,
rbryant(a)redhat.com, rjones(a)redhat.com,
sclewis(a)redhat.com, sisharma(a)redhat.com,
srevivo(a)redhat.com, s(a)shk.io, tdecacqu(a)redhat.com
A cross-site scripting vulnerability was found in the management UI of
RabbitMQ.
External References:
https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_6_9
5 years, 6 months
[Bug 1448339] New: CVE-2017-4965 CVE-2017-4966 CVE-2017-4967 rabbitmq-server: various flaws [fedora-24]
by bugzilla@redhat.com
https://bugzilla.redhat.com/show_bug.cgi?id=1448339
Bug ID: 1448339
Summary: CVE-2017-4965 CVE-2017-4966 CVE-2017-4967
rabbitmq-server: various flaws [fedora-24]
Product: Fedora
Version: 24
Component: rabbitmq-server
Keywords: Security, SecurityTracking
Severity: medium
Priority: medium
Assignee: lemenkov(a)gmail.com
Reporter: anemec(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org,
hubert.plociniczak(a)gmail.com, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rjones(a)redhat.com, s(a)shk.io
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-24.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
5 years, 6 months
[Bug 1295663] New: dialyzer --build_plt crashes
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1295663
Bug ID: 1295663
Summary: dialyzer --build_plt crashes
Product: Fedora
Version: rawhide
Component: erlang
Severity: high
Assignee: lemenkov(a)gmail.com
Reporter: rbarlow(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: erlang(a)lists.fedoraproject.org, jeckersb(a)redhat.com,
lemenkov(a)gmail.com, rhbugs(a)n-dimensional.de, s(a)shk.io
Created attachment 1111752
--> https://bugzilla.redhat.com/attachment.cgi?id=1111752&action=edit
erl_crash.dump
Description of problem:
When I try to build a PLT, dialyzer crashes.
Version-Release number of selected component (if applicable):
$ rpm -q erlang-dialyzer
erlang-dialyzer-17.4-5.fc24.x86_64
How reproducible:
Every time
Steps to Reproduce:
1. $ dialyzer --build_plt --apps erts kernel stdlib
Actual results:
$ dialyzer --build_plt --apps erts kernel stdlib
Compiling some key modules to native code...{"init terminating in
do_boot",{{badmatch,{error,{'EXIT',{badarg,[{hipe_bifs,patch_call,[1095479243,94032498909904,[]],[]},{hipe_unified_loader,patch_call_insn,3,[{file,"hipe_unified_loader.erl"},{line,507}]},{hipe_unified_loader,patch_bif_call_list,4,[{file,"hipe_unified_loader.erl"},{line,492}]},{hipe_unified_loader,patch_call,5,[{file,"hipe_unified_loader.erl"},{line,483}]},{hipe_unified_loader,patch,5,[{file,"hipe_unified_loader.erl"},{line,458}]},{hipe_unified_loader,load_common,4,[{file,"hipe_unified_loader.erl"},{line,235}]},{hipe_unified_loader,load_module,3,[{file,"hipe_unified_loader.erl"},{line,156}]},{code_server,handle_call,3,[{file,"code_server.erl"},{line,332}]}]}}}},[{hipe,finalize,5,[{file,"hipe.erl"},{line,751}]},{hipe,compile_finish,3,[{file,"hipe.erl"},{line,708}]},{hipe,'-run_compiler_1/3-fun-0-',4,[{file,"hipe.erl"},{line,669}]}]}}
Crash dump was written to: erl_crash.dump
init terminating in do_boot ()
Expected results:
Successful build.
Additional info:
I've attached the erl_crash.dump file.
5 years, 7 months
[Bug 1324922] New: Log handler repeatedly crashes
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1324922
Bug ID: 1324922
Summary: Log handler repeatedly crashes
Product: Fedora EPEL
Version: epel7
Component: erlang
Keywords: Regression, ZStream
Severity: urgent
Priority: urgent
Assignee: jeckersb(a)redhat.com
Reporter: jeckersb(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: apevec(a)redhat.com, binarin(a)binarin.ru,
erlang(a)lists.fedoraproject.org, fdinitto(a)redhat.com,
jeckersb(a)redhat.com, jschluet(a)redhat.com,
lhh(a)redhat.com, oblaut(a)redhat.com, rjones(a)redhat.com,
s(a)shk.io, ushkalim(a)redhat.com
Depends On: 1322609
Blocks: 1324185
+++ This bug was initially created as a clone of Bug #1322609 +++
Starting with erlang-erts-R16B-03.10min.6.el7ost.x86_64, the log handler
repeatedly crashes and fills up the rabbitmq startup_log with entries like:
Event crashed log handler:
{info_msg,<0.1719.0>,
{<0.1832.0>,"Mirrored ~s: Adding mirror on node ~p: ~p~n",
["queue 'l3_agent_fanout_0f6bc20f4c54484f9de482cd6d83a15a' in vhost
'/'",
'rabbit@overcloud-controller-1',<6192.10668.1>]}}
function_clause
Meanwhile the rabbitmq log is empty.
Looks like a regression introduced in the "Enable error_logger depth fine
tuning" patch.
--- Additional comment from Alexey Lebedeff on 2016-04-07 09:17:10 EDT ---
R16B-03.16.el7 is also affected.
Referenced Bugs:
https://bugzilla.redhat.com/show_bug.cgi?id=1322609
[Bug 1322609] Log handler repeatedly crashes
https://bugzilla.redhat.com/show_bug.cgi?id=1324185
[Bug 1324185] Log handler repeatedly crashes
5 years, 7 months