Hash DoS vulnerability in Jenkins core
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
jenkins (Ubuntu) | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Medium | Steve Beattie |
Precise | Fix Released | Undecided | Unassigned |
jenkins-executable-war (Ubuntu) | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Medium | Steve Beattie |
Precise | Fix Released | Undecided | Unassigned |
jenkins-winstone (Ubuntu) | Fix Released | Undecided | Unassigned |
Oneiric | Fix Released | Medium | Steve Beattie |
Precise | Fix Released | Undecided | Unassigned |

Bug Description
[Impact]
<fill me in with explanation of severity and frequency of bug on users and justification for backporting the fix to the stable release>
[Development Fix]
<fill me in with an explanation of how the bug has been addressed in the development branch, including the relevant version numbers of packages modified in order to implement the fix. >
[Stable Fix]
<fill me in by pointing out a minimal patch applicable to the stable version of the package.>
[Test Case]
<fill me in with detailed *instructions* on how to reproduce the bug. This will be used by people later on to verify the updated package fixes the problem.>
1.
2.
3.
Broken Behavior:
Fixed Behavior:
[Regression Potential]
<fill me in with a discussion of likelihood and potential severity of regressions and how users could get inadvertently affected.>
[Original Report]
Jenkins running standalone (as it does in the Ubuntu packaging) is vulnerable to the Hash DoS attack as detailed here:
http://
Full details of the Jenkins vulnerability:
http://
I believe this will require updates to jenkins-
Changed in jenkins (Ubuntu Oneiric): | |
assignee: | nobody → James Page (james-page) |
importance: | Undecided → Medium |
status: | New → In Progress |
Changed in jenkins-executable-war (Ubuntu Oneiric): | |
status: | New → In Progress |
Changed in jenkins-winstone (Ubuntu Oneiric): | |
status: | New → In Progress |
assignee: | nobody → James Page (james-page) |
Changed in jenkins-executable-war (Ubuntu Oneiric): | |
assignee: | nobody → James Page (james-page) |
visibility: | private → public |
Changed in jenkins-executable-war (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
Changed in jenkins-winstone (Ubuntu Oneiric): | |
importance: | Undecided → Medium |
description: | updated |
Commit for jenkins-winstone: https://github.com/jenkinsci/winstone/commit/a21916c1bc796b970d1b9e6c59f76bc603e698d0
executable-war: https://github.com/jenkinsci/extras-executable-war/commit/39de854731fcf204da6235b200a9ca2b309e6a6c
Commit for jenkins-