A security issue has been reported in Conky, which can be exploited by malicious, local users to perform certain actions with escalated privileges. The security issue is caused due to Conky's "eve" module using the "/tmp/.cesf" file in an insecure manner, which can be exploited to e.g. overwrite arbitrary files with the privileges of the user running Conky. Successful exploitation requires that the "eve" module is compiled and configured. The security issue is reported in version 1.8.1. Other versions may also be affected. http://secunia.com/advisories/43225/ https://bugs.launchpad.net/ubuntu/+source/conky/+bug/607309
+*conky-1.8.1-r1 (11 Feb 2011) + + 11 Feb 2011; Daniel Pielmeier <billie@gentoo.org> +conky-1.8.1-r1.ebuild, + +files/conky-1.8.1-acpitemp.patch, +files/conky-1.8.1-secunia-SA43225.patch: + Revision bump to fix security bug #354061 and also bug #352012. I have added an ebuild including a patch from upstream which should fix the issue.
Upstream is still working on this, so the patch may change. I will report back here if there is a proper solution.
+*conky-1.8.1-r2 (12 Feb 2011) + + 12 Feb 2011; Daniel Pielmeier <billie@gentoo.org> -conky-1.8.1-r1.ebuild, + +conky-1.8.1-r2.ebuild, files/conky-1.8.1-secunia-SA43225.patch: + Updated patch security bug #354061. Now there is a new patch which is supposed to be cleaner. The old one should have worked as well.
How do we procceed here. Shouldn't we stabilise 1.8.1-r2 as current stable (1.8.0-r1) is affected as well.
Arches, please stabilize =app-admin/conky-1.8.1-r2
USE="xmms2" pulled in media-sound/xmms2-0.7-r2 (masked by: ~amd64 keyword) we stabilize also it, or what?
xmms2 should be ready to go I guess but lets CC the maintainer and see what he thinks
(In reply to comment #7) > xmms2 should be ready to go I guess but lets CC the maintainer and see what he > thinks > Yeah. Stable in tree for more, than a month without any known problems. (Actually there is one: CC=distcc, but I haven't manged to reproduce it). Feel free to stabilize media-sound/xmms2. Just be careful as it has a lot of deps. On amd64 you will need at least: media-sound/sidplay
amd64 ok =app-admin/conky-1.8.1-r2 =media-sound/xmms2-0.7-r2 =media-sound/sidplay-2.0.9
amd64 done. Thanks Agostino
I tested these 3 packages on x86 and two things: xmms2 should depend on dev-libs/libcdio for USE="cdda". Otherwise: The following required plugin(s) failed to configure: cdda * ERROR: media-sound/xmms2-0.7-r2 failed: * 'waf configure' failed xmms2 should also depend on net-dns/avahi(USE=+mdnsresponder-compat) for USE="avahi". Otherwise: The following required optional(s) failed to configure: dns_sd * ERROR: media-sound/xmms2-0.7-r2 failed: * 'waf configure' failed
ppc done
(In reply to comment #12) > ppc done ppc/ppc64 stable
Stable on alpha.
stable x86, I fixed those (USE) dependency issues spotted by Andreas...thanks
alpha/sparc stable
Actually this needs xmms2 stable on alpha...
Stable on alpha: =media-sound/mac-3.99.4.5.7 =media-libs/libofa-0.9.3 =media-libs/resid-0.16_p2 =media-sound/xmms2-0.7-r2 =app-admin/conky-1.8.1-r2
Thanks, everyone. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
CVE identifier missing, can someone of the new scouts check if there is one and if not, request one?
Couldn't find any CVE for this - requested one.
Thanks. When you have requested a CVE, Sean, you can add "(CVE requested)" to the summary.
@maintainer, Please remove vulnerable version from the tree.
This was assigned CVE-2011-3616 - I don't have edit privileges to update the summary or alias.
(In reply to comment #25) > This was assigned CVE-2011-3616 - I don't have edit privileges to update the > summary or alias. Thanks, Sean!
(In reply to comment #24) > @maintainer, Please remove vulnerable version from the tree. Done!
This issue was resolved and addressed in GLSA 201110-09 at http://security.gentoo.org/glsa/glsa-201110-09.xml by GLSA coordinator Stefan Behte (craig).
CVE-2011-3616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3616): The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.
