Gentoo Bug 45159 - app-admin/sysstat-5.0.2 version bump [ due to security issues ]

First Last Prev Next No search results available Search page Enter new bug

Bug#:	45159
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Daniel Webert <rockoo@gmail.com>
Add CC:
CC:

URL:
Summary:
Status Whiteboard:
Keywords:

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 45159 depends on:			Show dependency tree
Bug 45159 blocks:			Show dependency tree

Votes:	0 Show votes for this bug Vote for this bug

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2004-03-19 13:12 0000

app-admin/sysstat-5.0.2 version bump

------- Comment #1 From Tim Yamin (RETIRED) 2004-03-23 14:52:42 0000 -------

Sparc, PPC, and AMD64 teams: Can you please mark this stable on your
architectures since there seems to be a security bug related with this:
http://www.securityfocus.com/bid/9844/info/ - Thanks!

------- Comment #2 From Jason Wever (RETIRED) 2004-03-23 17:46:26 0000 -------

Stable on sparc.

------- Comment #3 From Daniel Webert 2004-03-25 18:05:59 0000 -------

in portage

------- Comment #4 From Tim Yamin (RETIRED) 2004-03-26 08:21:49 0000 -------

PPC people still need to unmask this.

------- Comment #5 From Tim Yamin (RETIRED) 2004-04-02 12:53:08 0000 -------

This needs a nudge since this is a security issue and the PPC people haven't
yet marked this as stable. Thanks...

------- Comment #6 From Lars Weiler (RETIRED) 2004-04-02 16:32:49 0000 -------

finally bumped stable on ppc.

------- Comment #7 From Tim Yamin (RETIRED) 2004-04-03 03:42:26 0000 -------

Thanks Pylon. Should we issue a GLSA for this or not - this seems to be a issue
with an insecure /tmp symlink vulnerability?

------- Comment #8 From Thierry Carrez (RETIRED) 2004-04-06 07:49:14 0000 -------

Yes,
It allows overwriting files with the id of the user running the isag command (theorically, not root). I am not sure a GLSA is needed, but there was a RHSA and a DSA on the subject :

https://rhn.redhat.com/errata/RHSA-2004-093.html
http://www.debian.org/security/2004/dsa-460

If we do a GLSA, we should do it quickly :)
-K

------- Comment #9 From Kurt Lieber 2004-04-07 04:55:54 0000 -------

GLSA 200404-04

First Last Prev Next No search results available Search page Enter new bug

Bugzilla Bug 45159

app-admin/sysstat-5.0.2 version bump [ due to security issues ]

Last modified: 2004-04-07 04:55:54 0000