[Bug 1205632] New: CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1205632
Bug ID: 1205632
Summary: CVE-2015-1811 jenkins: External entity processing in XML can reveal sensitive local files (SECURITY-167)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
msrb(a)redhat.com
This vulnerability allows attackers to create malicious XML documents and feed
them into Jenkins, which causes Jenkins to retrieve arbitrary XML documents on
the server, resulting in the exposure of sensitive information inside/outside
Jenkins.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
[Bug 1205625] New: CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1205625
Bug ID: 1205625
Summary: CVE-2015-1809 jenkins: external entity injection via XPath (SECURITY-165)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
msrb(a)redhat.com
This vulnerability allows users with read access to Jenkins to retrieve
arbitrary XML documents on the server, resulting in the exposure of sensitive
information inside/outside Jenkins.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
[Bug 1205623] New: CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1205623
Bug ID: 1205623
Summary: CVE-2015-1808 jenkins: update center metadata retrieval DoS attack (SECURITY-163)
Product: Security Response
Component: vulnerability
Keywords: Security
Severity: medium
Priority: medium
Assignee: security-response-team(a)redhat.com
Reporter: vkaigoro(a)redhat.com
CC: bleanhar(a)redhat.com, ccoleman(a)redhat.com,
dmcphers(a)redhat.com,
java-sig-commits(a)lists.fedoraproject.org,
jdetiber(a)redhat.com, jialiu(a)redhat.com,
jkeck(a)redhat.com, joelsmith(a)redhat.com,
jokerman(a)redhat.com, kseifried(a)redhat.com,
lmeyer(a)redhat.com, mmccomas(a)redhat.com,
msrb(a)redhat.com
This vulnerability allows authenticated users to disrupt the operation of
Jenkins by feeding malicious update center data into Jenkins, affecting plugin
installation and tool installation.
External References:
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+20...
[Bug 1155699] New: sbt: broken hawtjni-runtime-1.8.jar symlink
by Red Hat Bugzilla
https://bugzilla.redhat.com/show_bug.cgi?id=1155699
Bug ID: 1155699
Summary: sbt: broken hawtjni-runtime-1.8.jar symlink
Product: Fedora
Version: rawhide
Component: sbt
Assignee: willb(a)redhat.com
Reporter: mizdebsk(a)redhat.com
QA Contact: extras-qa(a)fedoraproject.org
CC: java-sig-commits(a)lists.fedoraproject.org, s(a)shk.io,
willb(a)redhat.com
Description of problem:
sbt has a broken hawtjni-runtime-1.8.jar symlink. This prevents sbt from
starting.
Version-Release number of selected component (if applicable):
0.13.1-5
Steps to Reproduce:
1. yum install sbt
2. sbt sbtVersion
Actual results:
[root@mizdebsk /]# sbt sbtVersion
Getting org.scala-sbt sbt 0.13.1 ...
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/sbt/0.13.1/sbt-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#sbt;0.13.1!sbt.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/main/0.13.1/main-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#main;0.13.1!main.jar (5ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/compiler-interface/0.13.1/compiler-interface-bin-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#compiler-interface;0.13.1!compiler-interface-bin.jar (1ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/compiler-interface/0.13.1/compiler-interface-src-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#compiler-interface;0.13.1!compiler-interface-src.jar (1ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/actions/0.13.1/actions-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#actions;0.13.1!actions.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/main-settings/0.13.1/main-settings-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#main-settings;0.13.1!main-settings.jar (4ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/interface/0.13.1/interface-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#interface;0.13.1!interface.jar (2ms)
downloading file:/usr/share/sbt/ivy-local/org.scala-sbt/io/0.13.1/io-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#io;0.13.1!io.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/ivy/0.13.1/ivy-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#ivy;0.13.1!ivy.jar (13ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/launcher-interface/0.13.1/launcher-interface-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#launcher-interface;0.13.1!launcher-interface.jar (8ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/logging/0.13.1/logging-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#logging;0.13.1!logging.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/process/0.13.1/process-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#process;0.13.1!process.jar (1ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/run/0.13.1/run-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#run;0.13.1!run.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/command/0.13.1/command-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#command;0.13.1!command.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/classpath/0.13.1/classpath-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#classpath;0.13.1!classpath.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/completion/0.13.1/completion-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#completion;0.13.1!completion.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/api/0.13.1/api-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#api;0.13.1!api.jar (4ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/compiler-integration/0.13.1/compiler-integration-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#compiler-integration;0.13.1!compiler-integration.jar (12ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/compiler-ivy-integration/0.13.1/compiler-ivy-integration-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#compiler-ivy-integration;0.13.1!compiler-ivy-integration.jar
(2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/relation/0.13.1/relation-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#relation;0.13.1!relation.jar (13ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/task-system/0.13.1/task-system-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#task-system;0.13.1!task-system.jar (4ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/tasks/0.13.1/tasks-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#tasks;0.13.1!tasks.jar (5ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/tracking/0.13.1/tracking-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#tracking;0.13.1!tracking.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/testing/0.13.1/testing-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#testing;0.13.1!testing.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-lang/scala-compiler/2.10.3/scala-compiler-2.10.3.jar
...
[SUCCESSFUL ] org.scala-lang#scala-compiler;2.10.3!scala-compiler.jar
(70ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/control/0.13.1/control-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#control;0.13.1!control.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-lang/scala-library/2.10.3/scala-library-2.10.3.jar
...
[SUCCESSFUL ] org.scala-lang#scala-library;2.10.3!scala-library.jar (47ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-lang/scala-reflect/2.10.3/scala-reflect-2.10.3.jar
...
[SUCCESSFUL ] org.scala-lang#scala-reflect;2.10.3!scala-reflect.jar (19ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/collections/0.13.1/collections-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#collections;0.13.1!collections.jar (3ms)
downloading file:/usr/share/sbt/ivy-local/jline/jline/2.11/jline-2.11.jar ...
[SUCCESSFUL ] jline#jline;2.11!jline.jar (1ms)
downloading
file:/usr/share/sbt/ivy-local/org.fusesource.jansi/jansi/1.9/jansi-1.9.jar ...
[SUCCESSFUL ] org.fusesource.jansi#jansi;1.9!jansi.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/incremental-compiler/0.13.1/incremental-compiler-0.13.1.jar
...
[SUCCESSFUL ]
org.scala-sbt#incremental-compiler;0.13.1!incremental-compiler.jar (7ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/compile/0.13.1/compile-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#compile;0.13.1!compile.jar (1ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/persist/0.13.1/persist-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#persist;0.13.1!persist.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/classfile/0.13.1/classfile-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#classfile;0.13.1!classfile.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-tools.sbinary/sbinary_2.10/0.4.2/sbinary_2.10-0.4.2.jar
...
[SUCCESSFUL ] org.scala-tools.sbinary#sbinary_2.10;0.4.2!sbinary_2.10.jar
(2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/cross/0.13.1/cross-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#cross;0.13.1!cross.jar (4ms)
downloading
file:/usr/share/sbt/ivy-local/org.apache.ivy/ivy/2.3.0/ivy-2.3.0.jar ...
[SUCCESSFUL ] org.apache.ivy#ivy;2.3.0!ivy.jar (5ms)
downloading
file:/usr/share/sbt/ivy-local/com.jcraft/jsch/0.1.46/jsch-0.1.46.jar ...
[SUCCESSFUL ] com.jcraft#jsch;0.1.46!jsch.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/cache/0.13.1/cache-0.13.1.jar ...
[SUCCESSFUL ] org.scala-sbt#cache;0.13.1!cache.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/test-agent/0.13.1/test-agent-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#test-agent;0.13.1!test-agent.jar (2ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/test-interface/1.0/test-interface-1.0.jar
...
[SUCCESSFUL ] org.scala-sbt#test-interface;1.0!test-interface.jar (3ms)
downloading
file:/usr/share/sbt/ivy-local/org.scala-sbt/apply-macro/0.13.1/apply-macro-0.13.1.jar
...
[SUCCESSFUL ] org.scala-sbt#apply-macro;0.13.1!apply-macro.jar (2ms)
:: problems summary ::
:::: WARNINGS
[NOT FOUND ]
org.fusesource.hawtjni#hawtjni-runtime;1.8!hawtjni-runtime.jar (0ms)
==== fedora: tried
file:/usr/share/sbt/ivy-local/org.fusesource.hawtjni/hawtjni-runtime/1.8/hawtjni-runtime-1.8.jar
[NOT FOUND ] org.fusesource.jansi#jansi-native;1.5!jansi-native.jar
(0ms)
==== fedora: tried
file:/usr/share/sbt/ivy-local/org.fusesource.jansi/jansi-native/1.5/jansi-native-1.5.jar
::::::::::::::::::::::::::::::::::::::::::::::
:: FAILED DOWNLOADS ::
:: ^ see resolution messages for details ^ ::
::::::::::::::::::::::::::::::::::::::::::::::
:: org.fusesource.hawtjni#hawtjni-runtime;1.8!hawtjni-runtime.jar
:: org.fusesource.jansi#jansi-native;1.5!jansi-native.jar
::::::::::::::::::::::::::::::::::::::::::::::
:: USE VERBOSE OR DEBUG MESSAGE LEVEL FOR MORE DETAILS
download failed: org.fusesource.hawtjni#hawtjni-runtime;1.8!hawtjni-runtime.jar
download failed: org.fusesource.jansi#jansi-native;1.5!jansi-native.jar
Error during sbt execution: Error retrieving required libraries
(see /root/.sbt/boot/update.log for complete log)
Error: Could not retrieve sbt 0.13.1