oss-sec mailing list archives
Re: CVE-2014-0085 / Zookeeper
From: David Jorm <djorm () redhat com>
Date: Tue, 10 Jun 2014 00:06:02 -0400 (EDT)
Hi, could some from Red Hat please clarify on https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085 ? Does this affect stock releases from http://zookeeper.apache.org/ or is this CVE for a combination of Zookeeper and Red Hat JBoss A-MQ ? Cheers, Moritz
Hi Moritz. My apologies for the delayed reply. This flaw only affects Apache Zookeeper used in conjunction with Fuse Fabric. I have added more details here: https://bugzilla.redhat.com/show_bug.cgi?id=1067265#c7 Zookeeper seems to log all keys, which may lead to other similar flaws. Thanks -- David Jorm / Red Hat Product Security
Current thread:
- CVE-2014-0085 / Zookeeper Moritz Muehlenhoff (Jun 06)
- Re: CVE-2014-0085 / Zookeeper David Jorm (Jun 09)