oss-sec mailing list archives

Re: CVE-2014-0085 / Zookeeper


From: David Jorm <djorm () redhat com>
Date: Tue, 10 Jun 2014 00:06:02 -0400 (EDT)

Hi,
could someone from Red Hat please clarify on
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-0085 ?

Does this affect stock releases from http://zookeeper.apache.org/ or is this
CVE for a combination of Zookeeper and Red Hat JBoss A-MQ?

Cheers,
        Moritz


Hi Moritz. My apologies for the delayed reply. This flaw only affects Apache Zookeeper used in conjunction with Fuse Fabric. I have added more details here:

https://bugzilla.redhat.com/show_bug.cgi?id=1067265#c7

Zookeeper seems to log all keys, which may lead to other similar flaws.

Thanks
-- 
David Jorm / Red Hat Product Security

