[Bugs] [Bug 13255] New: [CVE 21] jgroups 3.6.10 CVEs found

[bugzilla]

https://bugzilla.rosalinux.ru/show_bug.cgi?id=13255

          Platform: 2021.1
            Bug ID: 13255
           Summary: [CVE 21] jgroups 3.6.10 CVEs found
    Classification: ROSA-based products
           Product: ROSA Fresh
           Version: All
          Hardware: All
               URL: CVE-2016-2141,
                OS: Linux
            Status: CONFIRMED
          Severity: normal
          Priority: Normal
         Component: System (kernel, glibc, systemd, bash, PAM...)
          Assignee: bugs на lists.rosalinux.ru
          Reporter: y.tumanov на rosalinux.ru
        QA Contact: bugs на lists.rosalinux.ru
                CC: s.matveev на rosalinux.ru, y.tumanov на rosalinux.ru
  Target Milestone: ---
             Flags: secteam_verified?

Please patch CVEs for package jgroups version 3.6.10  
INFO (CVEs are): jgroups 3.6.10 cves found
CVE-2016-2141
Desc: It was found that JGroups did not require necessary headers for encrypt
and auth protocols from new nodes joining the cluster. An attacker could use
this flaw to bypass security restrictions, and use this vulnerability to send
and receive messages within the cluster, leading to information disclosure,
message spoofing, or further possible attacks.
Link: https://nvd.nist.gov/vuln/detail/CVE-2016-2141
Severity: CRITICAL

-- 
You are receiving this mail because:
You are the QA Contact for the bug.
You are the assignee for the bug.
----------- следущая часть -----------
Вложение в формате HTML было извлечено…
URL: <http://lists.rosalinux.ru/pipermail/bugs/attachments/20230503/caea9857/attachment.html>