CVE-2018-7169 (https://nvd.nist.gov/vuln/detail/CVE-2018-7169): An issue was discovered in shadow 4.5. newgidmap (in shadow-utils) is setuid and allows an unprivileged user to be placed in a user namespace where setgroups(2) is permitted. This allows an attacker to remove themselves from a supplementary group, which may allow access to certain filesystem paths if the administrator has used "group blacklisting" (e.g., chmod g-rwx) to restrict access to paths. This flaw effectively reverts a security feature in the kernel (in particular, the /proc/self/setgroups knob) to prevent this sort of privilege escalation.
More details: https://bugs.launchpad.net/ubuntu/+source/shadow/+bug/1729357
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=78e50f251c0ad49437a4146dc2bdd1552a88fe04 commit 78e50f251c0ad49437a4146dc2bdd1552a88fe04 Author: Michael Vetter <jubalh@iodoru.org> AuthorDate: 2018-02-16 11:22:10 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-02-17 12:50:11 +0000 sys-apps/shadow: Fix CVE-2018-7169 Fix CVE-2018-7169 by applying upstream patch: https://github.com/shadow-maint/shadow/commit/fb28c99b8a66ff2605c5cb96abc0a4d975f92de0 Bug: https://bugs.gentoo.org/647790 Package-Manager: Portage-2.3.19, Repoman-2.3.6 Closes: https://github.com/gentoo/gentoo/pull/7203 .../shadow/files/shadow-4.5-CVE-2018-7169.patch | 180 ++++++++++++++++++ sys-apps/shadow/shadow-4.5-r1.ebuild | 210 +++++++++++++++++++++ 2 files changed, 390 insertions(+)}
ping, why isn't this proceeding to stabilization still?
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ec0a8306f712c40b6b84d721b4ed70d9f4703e8b commit ec0a8306f712c40b6b84d721b4ed70d9f4703e8b Author: Lars Wendler <polynomial-c@gentoo.org> AuthorDate: 2018-04-30 16:02:31 +0000 Commit: Lars Wendler <polynomial-c@gentoo.org> CommitDate: 2018-04-30 16:05:03 +0000 sys-apps/shadow: Security bump to version 4.6 Bug: https://bugs.gentoo.org/647790 Bug: https://bugs.gentoo.org/635750 Package-Manager: Portage-2.3.31, Repoman-2.3.9 sys-apps/shadow/Manifest | 1 + sys-apps/shadow/shadow-4.6.ebuild | 211 ++++++++++++++++++++++++++++++++++++++ 2 files changed, 212 insertions(+)}
@arches, please stabilize.
amd64 stable
(In reply to Mikle Kolyada from comment #6) > amd64 stable Apparently the keywords were not transfered to the tree: Keywords: 4.5:0: alpha amd64 arm arm64 hppa ia64 ppc ppc64 sparc x86 Keywords: 4.5-r1:0: Keywords: 4.6:0: ~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 Head commit of repository gentoo: dd8bdb3d06e678c08a63a9a3b9cb3ee427bc06de
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=eb8f512705014448527ecdc9d3ab477abbaa13d5 commit eb8f512705014448527ecdc9d3ab477abbaa13d5 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-01 08:09:21 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-01 08:09:21 +0000 sys-apps/shadow: stable 4.6 for ia64, bug #647790 Bug: https://bugs.gentoo.org/647790 Package-Manager: Portage-2.3.31, Repoman-2.3.9 RepoMan-Options: --include-arches="ia64" sys-apps/shadow/shadow-4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
arm64 stable
x86 stable
arm stable
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=7f28c89dd338a3ac67cfc436b30f9515ae9198de commit 7f28c89dd338a3ac67cfc436b30f9515ae9198de Author: Rolf Eike Beer <eike@sf-mail.de> AuthorDate: 2018-05-07 22:29:54 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-08 06:23:23 +0000 sys-apps/shadow: stable 4.6 for sparc Bug: https://bugs.gentoo.org/647790 Package-Manager: Portage-2.3.24, Repoman-2.3.6 RepoMan-Options: --include-arches="sparc" sys-apps/shadow/shadow-4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=e5c1ee8f4e5d7567ad2710cd8dd9922a05f5e5f7 commit e5c1ee8f4e5d7567ad2710cd8dd9922a05f5e5f7 Author: Sergei Trofimovich <slyfox@gentoo.org> AuthorDate: 2018-05-11 22:56:15 +0000 Commit: Sergei Trofimovich <slyfox@gentoo.org> CommitDate: 2018-05-11 22:56:15 +0000 sys-apps/shadow: stable 4.6 for ppc, bug #647790 Bug: https://bugs.gentoo.org/647790 Package-Manager: Portage-2.3.36, Repoman-2.3.9 RepoMan-Options: --include-arches="ppc" sys-apps/shadow/shadow-4.6.ebuild | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Stable on alpha.
commit 60615b2d4290cf0f171f0cbe7948a47ada73376b Author: Mike Frysinger <vapier@gentoo.org> Date: Mon May 21 04:50:24 2018 -0400 sys-apps/shadow: mark 4.5/4.6 m68k/s390/sh stable
GLSA is ready for review
This issue was resolved and addressed in GLSA 201805-09 at https://security.gentoo.org/glsa/201805-09 by GLSA coordinator Aaron Bauman (b-man).
