[Pki-devel] [PATCH] Patch for /tmp/file vulnerabilities

Matthew Harmsen mharmsen at redhat.com
Tue Mar 3 21:12:08 UTC 2015


Please review the attached patch which addresses the following:

  * Bugzilla Bug #1183176 - (CVE-2015-0234) CVE-2015-0234 pki-core 10.x:
    multiple /tmp/ file vulnerabilities
    <https://bugzilla.redhat.com/show_bug.cgi?id=1183176>
  * Bugzilla Bug #1183178 - CVE-2015-0234 pki-core: pki-core 10.x:
    multiple /tmp/ file vulnerabilities [fedora-all]
    <https://bugzilla.redhat.com/show_bug.cgi?id=1183178>

The attached patch was tested using the Dogtag 10.2.2 source code on the 'master' branch as of 02/27/2015.

It was successfully tested for a shared instance CA, KRA, OCSP, TKS, and TPS including successfully running the 'tpsclient' tool.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 20150227-Fix-for-tmpfile-vulnerabilities.patch
Type: text/x-patch
Size: 26238 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-devel/attachments/20150303/e4bf0b2b/attachment.bin>

