
Fedora 25 FEDORA-2017-fff6e1af37 Moderate Fedmsg Validation Issues

January 24, 2017
Enhances the authentication process in Fedora 25 fedmsg, guaranteeing accurate signature verification and preserving configuration fidelity.

Summary

Python API used around Fedora Infrastructure to send and receive messages with zeromq. Includes some CLI tools.

Update Information:

Fix validation logic in the base consumer

The base consumer is intended to derive its validation switch from the on-disk configuration only if the child class doesn't override the validate_signatures switch. There was a bug here where the default value provided in the base class made it appear as if *all* child consumers had turned *off* validation, which is incorrect. This fix turns on signature validation by default while preserving the ability of child consumers to override the on-disk configuration in special cases.

- Fixes: CVE-2017-1000001
- Reviewed-by: Patrick Uiterwijk
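The flaw described above, reconstructed as an added example; it is not fedmsg's own code. The class names, the `hasattr` form of the faulty check, and the helper functions are assumptions made for illustration; only the `validate_signatures` switch and the fixed behaviour (validation on by default, explicit child override still honoured) come from the advisory.

```python
class BuggyBaseConsumer:
    # Base-class default: indistinguishable from a child that opted out.
    validate_signatures = False

    def __init__(self, config):
        # Meant to fall back to the config when no child override exists,
        # but the attribute above always exists, so this branch never runs.
        if not hasattr(self, "validate_signatures"):
            self.validate_signatures = config.get("validate_signatures", True)


class FixedBaseConsumer:
    # None is a sentinel meaning "no child class has overridden this".
    validate_signatures = None

    def __init__(self, config):
        if self.validate_signatures is None:
            # Validation stays on unless the on-disk config turns it off.
            self.validate_signatures = config.get("validate_signatures", True)


class BuggyPlain(BuggyBaseConsumer):
    pass


class FixedPlain(FixedBaseConsumer):
    pass


class FixedOptOut(FixedBaseConsumer):
    validate_signatures = False  # deliberate special-case override


def explicitly_overrides(cls, base):
    """True if cls (or an ancestor below base) sets the switch itself."""
    for klass in cls.__mro__:
        if klass is base:
            return False
        if "validate_signatures" in vars(klass):
            return True
    return False


def silently_unvalidated(consumers, base):
    """Names of consumers running unvalidated without an explicit opt-out."""
    return [type(c).__name__ for c in consumers
            if not c.validate_signatures
            and not explicitly_overrides(type(c), base)]


CONFIG = {"validate_signatures": True}  # constructed sample configuration
```

`silently_unvalidated` is the kind of audit check that separates a consumer that deliberately opted out from one that lost validation through the inherited default.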

Change Log

References

Fedora Update Notification FEDORA-2017-fff6e1af37 2017-01-24 19:30:37.937615
Name: fedmsg
Product: Fedora 25
Version: 0.18.2
Release: 1.fc25
URL: https://github.com/fedora-infra/fedmsg
Summary: Tools for Fedora Infrastructure real-time messaging
Description: Python API used around Fedora Infrastructure to send and receive messages with zeromq. Includes some CLI tools.

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade fedmsg' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

