Dear OpenXPKI users and developers,

We have identified a security problem in OpenXPKI that could possibly be exploited remotely (depending on setup and configuration). Unfortunately, the problem cannot easily be fixed with just a few lines of code. Instead, we have developed a proper solution for the problem.

This solution requires installation of an additional dependency (one additional Perl module) and has been thoroughly tested on our side. We can safely say it works without a problem on a production system (verified on Linux x86 (64 and 32 bit), Solaris 10 (Sparc) and FreeBSD).

We strongly recommend all users running OpenXPKI to apply the patch as soon as possible.

Prior to upgrading to the patched version, make sure you install the CPAN module Proc::SafeExec. This module has no other dependencies, so installing it should not cause problems.

Patching the system can either be done by

- upgrading the OpenXPKI core package to the latest SVN or Git release (SVN release 1570 or higher; any Git branch that includes commit ede04d9be3627030102a816420511210c521a0e6) or by
- applying the attached patch to your installation.

The attached patch should apply cleanly to any reasonably recent installation of OpenXPKI.

Thanks to Alex for the fix itself, Scott, Joachim, Julia and Sergei for their input and help in testing the patch.

We sincerely apologize for the inconvenience,

Martin
OpenXPKI-Crypto-CLI.patch.gz
Description: GNU Zip compressed data
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
