[Bug 1007761] New: VUL-1: CVE-2016-8889: bitcoin: private keys and the wallet passphrase visible in debug console history across restarts
http://bugzilla.suse.com/show_bug.cgi?id=1007761 Bug ID: 1007761 Summary: VUL-1: CVE-2016-8889: bitcoin: private keys and the wallet passphrase visible in debug console history across restarts Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: mpluskal@suse.com Reporter: abergmann@suse.com QA Contact: qa-bugs@suse.de Found By: Security Response Team Blocker: --- Question: I'm not sure if this affects openSUSE or not, so please verify. CVE-2016-8889 In Bitcoin Knots v0.11.0.ljr20150711 through v0.13.0.knots20160814 (fixed in v0.13.1.knots20161027), the debug console stores sensitive information including private keys and the wallet passphrase in its persistent command history. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-8889 http://www.cvedetails.com/cve/CVE-2016-8889/ https://bitcointalk.org/index.php?topic=1618462.0 https://github.com/bitcoinknots/bitcoin/blob/v0.13.1.knots20161027/doc/relea... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1007761
http://bugzilla.suse.com/show_bug.cgi?id=1007761#c1
--- Comment #1 from Martin Pluskal
http://bugzilla.suse.com/show_bug.cgi?id=1007761
http://bugzilla.suse.com/show_bug.cgi?id=1007761#c2
Swamp Workflow Management
http://bugzilla.suse.com/show_bug.cgi?id=1007761
http://bugzilla.suse.com/show_bug.cgi?id=1007761#c3
Martin Pluskal
participants (1)
-
bugzilla_noreply@novell.com