Date: Wed, 14 Nov 2012 05:12:01 -0500 (EST)
From: Jan Lieskovsky <jlieskov@...hat.com>
To: Tim Brown <timb@...nvas.org>, Michael Wiegand <michael.wiegand@...enbone.net>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com, oss-security@...ts.openwall.com, Michal Ambroz <rebus@...nam.cz>
Subject: Re: [oss-security] Re: [OVSA20121112] OpenVAS Manager Vulnerable To Command Injection

Hello Tim,

thank you for the heads up and notification.

The versions of the openvas-manager package, as shipped with Fedora release 16 and release 17, are still based on the upstream 2.0.5 version. From what I have looked at and can tell from the upstream advisory and patch (for the 3.0.X version):

[1] http://www.openvas.org/OVSA20121112.html
[2] http://wald.intevation.org/scm/viewvc.php?view=rev&root=openvas&revision=14437

the CVE-2012-5520 does not seem to be applicable to the OpenVAS-4 / openvas-manager 2.0.5 version yet:

[3] http://lists.wald.intevation.org/pipermail/openvas-announce/2012-August/000140.html

But prior to definitely classifying the Fedora 16 and Fedora 17 openvas-manager package versions as not vulnerable to this issue, I would like to hear an opinion / confirmation from someone more familiar with the OpenVAS code.

So could you confirm that CVE-2012-5520 wouldn't affect the OpenVAS-4 2.0.X version (yet)?

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Response Team

----- Original Message -----

Doh, a document gets proofread by multiple people and yet it contains a mistake. In the Current Status section of the advisory, the date is incorrect. A corrected advisory is attached.

Tim
--
Tim Brown
<mailto:timb@...nvas,org>
<http://www.openvas.org/>