Uploaded image for project: 'JBoss Enterprise Web Server'
  1. JBoss Enterprise Web Server
  2. JBEWS-371

EWS: decide if jsvc should have capability support

    Details

    • Type: Bug
    • Status: Closed (View Workflow)
    • Priority: Minor
    • Resolution: Migrated to another ITS
    • Affects Version/s: EWS 1.0.2
    • Fix Version/s: EWS 2.0.0
    • Labels:
      None

      Description

      A flaw was recently reported for apache-/jakarta-commons-daemon jsvc:

      https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-2729

      It only affected Linux builds that were compiled with libcap support. While investigating which EWS versions are affected, it was determined that we have libcap support in RHEL-4 version, but not in RHEL-5 and RHEL-6. It should be determined whether jsvc should be compiled with libcap support or not, and be consistent across RHEL versions (i.e. explicitly disable in .spec file, or add proper BuildRequires to have libcap-devel in RHEL-5 and RHEL-6 buildroots too).

      As part of response to CVE-2011-2729, we're disabling libcap support in 1.0.2 RHEL-4 builds, for consistency with RHEL-5/6.

        Gliffy Diagrams

          Attachments

            Activity

              People

              • Assignee:
                permaine Permaine Cheung
                Reporter:
                thoger Tomas Hoger
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: