Bug #9621

CVE-2014-7202 zeromq: stream engine security can be downgraded by client

Added by Wade Mealing almost 5 years ago. Updated almost 5 years ago.

Status: Can't reproduce
Priority: Normal
Assignee:
Category: Backend (services)
Target version:
Start date: 09/29/2014
Due date:
% Done: 0%
Source: Community (dev)
Tags:
Backport:
Regression: No
Severity: 3 - minor
Reviewed:
Affected Versions:
ceph-qa-suite:

Description

This is the tracker bug for: https://bugzilla.redhat.com/show_bug.cgi?id=1147311

  • This may affect ICE 1.2
  • This may affect ICE 1.2

Upstream commit here:
https://github.com/hintjens/libzmq/commit/77f14aad95cdf0d2a244ae9b4a025e5ba0adf01a

From: http://www.inktank.com/enterprise/support/

Security Updates

Throughout the support lifecycle, qualified security issues of Critical or Important impact, as well as select mission-critical bugs, will be addressed by updated packages. For more information on how the impact of security issues is assessed, please read Issue Severity Classification on access.redhat.com.
- See more at: http://www.inktank.com/enterprise/support/#sthash.9P6Uxs2W.dpuf

This issue does not fit the critical or important category under the current CVSS2 score; however, if it can be picked up in any spare cycles it would definitely be worth fixing.

I apologise in advance if the bug is lodged incorrectly.

History

#1 Updated by Wade Mealing almost 5 years ago

Typo, this may affect ICE 1.3 (Unreleased).

#2 Updated by Dan Mick almost 5 years ago

  • Status changed from New to Verified

#3 Updated by Dan Mick almost 5 years ago

  • Assignee set to Dan Mick
  • Source changed from other to Community (dev)

Look at resolving with upstream zmq

#4 Updated by Dan Mick almost 5 years ago

This code is not included in the 3.x branch, so yet more motivation to downgrade to 3.x

#5 Updated by Dan Mick almost 5 years ago

  • Status changed from Verified to Can't reproduce
