[Git][security-tracker-team/security-tracker][master] Add CVE-2018-1279/rabbitmq-server

Fri Dec 21 06:39:41 GMT 2018

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
4f890d45 by Salvatore Bonaccorso at 2018-12-21T06:39:02Z
Add CVE-2018-1279/rabbitmq-server

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -58703,7 +58703,11 @@ CVE-2017-17448 (net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4
 CVE-2018-1280 (Pivotal Greenplum Command Center versions 2.x prior to 2.5.1 contains ...)
 	NOT-FOR-US: Pivotal
 CVE-2018-1279 (Pivotal RabbitMQ for PCF, all versions, uses a deterministically ...)
-	TODO: check
+	- rabbitmq-server <unfixed>
+	[stretch] - rabbitmq-server <no-dsa> (Minor issue)
+	NOTE: https://pivotal.io/security/cve-2018-1279
+	NOTE: Underlying issue is the use of deterministically generated cookie.
+	NOTE: Issue can bemitigated by restricting network access from untrusted sources.
 CVE-2018-1278 (Apps Manager included in Pivotal Application Service, versions 1.12.x ...)
 	NOT-FOR-US: Pivotal
 CVE-2018-1277 (Cloud Foundry Garden-runC, versions prior to 1.13.0, does not ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f890d45c579c579b8817386db48ce5cd90a3fc6

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/4f890d45c579c579b8817386db48ce5cd90a3fc6
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20181221/1eb683ee/attachment.html>
