Incoming details.
It was discovered that a race condition in beep (installed with USE flag "suid", which isn't the default) allows for local privilege escalation.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=5945809cd0c40e44313891742b0b61f90eecbfb8
commit 5945809cd0c40e44313891742b0b61f90eecbfb8
Author:     Patrice Clement <monsieurp@gentoo.org>
AuthorDate: 2018-04-04 20:34:21 +0000
Commit:     Patrice Clement <monsieurp@gentoo.org>
CommitDate: 2018-04-04 20:35:17 +0000
    app-misc/beep: patch against CVE-2018-0292.
    Bug: https://bugs.gentoo.org/652330
    See-Also: https://github.com/johnath/beep/issues/11
    Package-Manager: Portage-2.3.19, Repoman-2.3.6
 app-misc/beep/beep-1.3-r3.ebuild                 |  37 ++++++++
 app-misc/beep/files/beep-1.3-CVE-2018-0492.patch | 106 +++++++++++++++++++++++
 2 files changed, 143 insertions(+)
An automated check of this bug failed - the following atom is unknown:
app-misc/beep/beep-1.3-r3
Please verify the atom list.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3ac8c5c29bb140704be9248631f5ba4119ade913
commit 3ac8c5c29bb140704be9248631f5ba4119ade913
Author:     Aaron Bauman <bman@gentoo.org>
AuthorDate: 2018-04-05 02:54:04 +0000
Commit:     Aaron Bauman <bman@gentoo.org>
CommitDate: 2018-04-05 02:54:04 +0000
    app-misc/beep: amd64 stable
    Bug: https://bugs.gentoo.org/652330
    Package-Manager: Portage-2.3.28, Repoman-2.3.9
 app-misc/beep/beep-1.3-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
x86 stable
Stable on alpha.
The bug has been referenced in the following commit(s):
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=205667c826d9ebe7128110a15ab5477bb9af3749
commit 205667c826d9ebe7128110a15ab5477bb9af3749
Author:     Rolf Eike Beer <eike@sf-mail.de>
AuthorDate: 2018-04-05 20:06:43 +0000
Commit:     Sergei Trofimovich <slyfox@gentoo.org>
CommitDate: 2018-04-05 21:06:31 +0000
    app-misc/beep: stable 1.3-r3 for sparc
    Bug: https://bugs.gentoo.org/652330
    Package-Manager: Portage-2.3.24, Repoman-2.3.6
    RepoMan-Options: --include-arches="sparc"
 app-misc/beep/beep-1.3-r3.ebuild | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
Exploit at https://www.exploit-db.com/exploits/44452/ , if someone is interested.
arm stable
ppc/ppc64 stable
all arches stable. @maintainer(s), please clean.
This issue was resolved and addressed in GLSA 201805-15 at https://security.gentoo.org/glsa/201805-15 by GLSA coordinator Aaron Bauman (b-man).