Bug 900879 (CVE-2014-0104)

Summary: VUL-1: CVE-2014-0104: fence-agents: no verification of remote SSL certificates
Product: [Novell Products] SUSE Security Incidents Reporter: Sebastian Krahmer <krahmer>
Component: IncidentsAssignee: Kristoffer Gronlund <kgronlund>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team, smash_bz
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/109091/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Comment 1 Sebastian Krahmer 2014-10-13 08:35:13 UTC
Seems like a package where missing X509 checks are not a so
severe issue. Therefore setting VUL-1 and its enough to fix in
Factory.
Comment 2 Kristoffer Gronlund 2014-10-13 09:37:56 UTC
Partially fixed by bnc#896833. Complementary fix for remaining agents to be applied.
Comment 3 Bernhard Wiedemann 2014-10-13 13:00:12 UTC
This is an autogenerated message for OBS integration:
This bug (900879) was mentioned in
https://build.opensuse.org/request/show/255744 Factory / fence-agents
Comment 4 Kristoffer Gronlund 2014-10-13 13:56:44 UTC
Fix submitted for Factory.