Uploaded image for project: 'JBoss Enterprise Web Server'
  1. JBoss Enterprise Web Server
  2. JBEWS-371

EWS: decide if jsvc should have capability support

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Migrated to another ITS
    • Affects Version/s: EWS 1.0.2
    • Fix Version/s: EWS 2.0.0
    • Labels:
      None

      Description

      A flaw was recently reported for apache-/jakarta-commons-daemon jsvc:

      https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2729

      It only affected Linux builds that were compiled with libcap support. While investigating which EWS versions are affected, it was determined that we have libcap support in RHEL-4 version, but not in RHEL-5 and RHEL-6. It should be determined whether jsvc should be compiled with libcap support or not, and be consistent across RHEL versions (i.e. explicitly disable in .spec file, or add proper BuildRequires to have libcap-devel in RHEL-5 and RHEL-6 buildroots too).

      As part of response to CVE-2011-2729, we're disabling libcap support in 1.0.2 RHEL-4 builds, for consistency with RHEL-5/6.

        Attachments

          Activity

            People

            Assignee:
            permaine Permaine Cheung
            Reporter:
            thoger Tomas Hoger
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: