Posted to commits@karaf.apache.org by jb...@apache.org on 2019/01/03 07:01:56 UTC

svn commit: r1850218 - in /karaf/site/production: documentation.html security/cve-2014-0219.txt security/cve-2018-11787.txt

Author: jbonofre
Date: Thu Jan  3 07:01:56 2019
New Revision: 1850218

URL: http://svn.apache.org/viewvc?rev=1850218&view=rev
Log:
[scm-publish] Updating main website contents

Added:
    karaf/site/production/security/cve-2014-0219.txt
Modified:
    karaf/site/production/documentation.html
    karaf/site/production/security/cve-2018-11787.txt

Modified: karaf/site/production/documentation.html
URL: http://svn.apache.org/viewvc/karaf/site/production/documentation.html?rev=1850218&r1=1850217&r2=1850218&view=diff
==============================================================================
--- karaf/site/production/documentation.html (original)
+++ karaf/site/production/documentation.html Thu Jan  3 07:01:56 2019
@@ -361,6 +361,10 @@
 								<p>CVE-2018-11787 : Unsecure access to Gogo shell in the webconsole.</p>
 								<a class="btn btn-outline-primary" href="security/cve-2018-11787.txt">Notes &raquo;</a>
 							</div>
+              <div class="pb-4 mb-3">
+                <p>CVE-2014-0219 : Apache Karaf enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high ports.</p>
+                <a class="btn btn-outline-primary" href="security/cve-2014-0219.txt">Notes &raquo;</a>
+              </div>
 
             </div><!-- /.blog-main -->
         </div>
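Review bot: the added <div class="pb-4 mb-3"> block is indented with spaces, while the CVE-2018-11787 entry directly above it uses tabs; match the file's tab indentation so the two entries line up in the source. The new <p> also carries the advisory's full description sentence where the existing entry uses a short title, so consider shortening it to the advisory's own heading to keep the list consistent.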

Added: karaf/site/production/security/cve-2014-0219.txt
URL: http://svn.apache.org/viewvc/karaf/site/production/security/cve-2014-0219.txt?rev=1850218&view=auto
==============================================================================
--- karaf/site/production/security/cve-2014-0219.txt (added)
+++ karaf/site/production/security/cve-2014-0219.txt Thu Jan  3 07:01:56 2019
@@ -0,0 +1,45 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+CVE-2014-0219: Apache Karaf bind shutdown port on loopback interface
+
+Severity: Minor
+
+Vendor: The Apache Software Foundation
+
+Versions Affected:
+
+This vulnerability affects all versions of Apache Karaf prior to 4.0.10
+
+Description:
+
+Apache Karaf enables a shutdown port on the loopback interface, which 
+allows local users to cause a denial of service (shutdown) by sending 
+a shutdown command to all listening high ports.
+
+This has been fixed in revision:
+
+https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=99365a3
+
+Migration:
+
+Apache Karaf users should upgrade to 4.0.10 or later and disable the
+shutdown port.
+
+Credit: This issue was reported by Colm O hEigeartaigh of Talend.
+-----BEGIN PGP SIGNATURE-----
+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+=MziI
+-----END PGP SIGNATURE-----
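Review bot: the Migration section tells users to "disable the shutdown port" without naming the setting or the file it lives in, so a reader cannot act on the advisory alone; add the property and its location there. "Versions Affected" says everything prior to 4.0.10, yet Migration asks for the upgrade and for disabling the port, so the text should state whether 4.0.10 with its default configuration is still exposed. The title "Apache Karaf bind shutdown port on loopback interface" also reads better as "binds". Because the file is clearsigned, any wording change needs a fresh signature.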

Modified: karaf/site/production/security/cve-2018-11787.txt
URL: http://svn.apache.org/viewvc/karaf/site/production/security/cve-2018-11787.txt?rev=1850218&r1=1850217&r2=1850218&view=diff
==============================================================================
--- karaf/site/production/security/cve-2018-11787.txt (original)
+++ karaf/site/production/security/cve-2018-11787.txt Thu Jan  3 07:01:56 2019
@@ -1,3 +1,6 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
 CVS-2018-11787: Apache Karaf unsecure access to Gogo shell in the webconsole
 
 Severity: Moderate
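Review bot: the title line kept as context here reads "CVS-2018-11787" rather than "CVE-2018-11787", and this change wraps the file in a PGP clearsigned message, so the misspelled identifier is now covered by the signature. Correct the identifier and re-sign before publishing, since the title is what readers and scanners will match against.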
@@ -41,3 +44,19 @@ or later as soon as possible.
 JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-4993
 
 Credit: This issue was reported by Kevin Schmidt
+-----BEGIN PGP SIGNATURE-----
+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+=1dSW
+-----END PGP SIGNATURE-----