2006-08-08: multiple local privilege escalation vulnerabilities This problem applies to systems where setuid/seteuid call call fail due to resource exhaustion. One operating system that is true is Linux. The programs that this this problem applies to are ftpd and rcp. The problem only apply to rcp if it installed setuid root (not done by default). Patch (heimdal-0.7.2-setuid-patch) for Heimdal 0.7.2 fixes this problem. One workaround is to make sure set{e,}uid doesn't fail. Also disabling ftpd and removing the setuid bit from rcp will solve the problem. Thanks to Tom Yu at MIT and Michael Calmer and Marcus Meissner at SUSE for tell us about the problem. Either of CVE-2006-3083 or CVE-2006-3084 describes this problems.
Kerberos please provide an updated ebuild.
Ebuild is on its way, sorry for the delay.
ebuild is in portage. the patch ball is on its way to the mirrors and is also in my dev.gentoo space (in SRC_URI). Will remove that some time during the stable marking, after our mirrors have the patchball.
adding arches, btw
x86 is done, easy enough to test actually.
amd64 stable.
alpha stable.
ppc stable
Stable on SPARC
ppc64 stable
stable on hppa
This is ready for GLSA.
GLSA 200608-21 , thanks to all and especially daxo'
0.7.2-r3 stable on mips.