CVE-2020-15396: In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root. CVE-2020-15397: HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=40bc6b7f79069264f3cbc918ffae4af4feab2bb5 commit 40bc6b7f79069264f3cbc918ffae4af4feab2bb5 Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-01 04:33:35 +0000 Commit: Joonas Niilola <juippis@gentoo.org> CommitDate: 2020-07-07 13:56:31 +0000 net-misc/hylafaxplus: Add 7.0.2 (security bump) Bug: https://bugs.gentoo.org/730290 Package-Manager: Portage-2.3.103, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16541 Signed-off-by: Joonas Niilola <juippis@gentoo.org> net-misc/hylafaxplus/Manifest | 1 + .../files/hylafaxplus-CVE-2020-1539x.patch | 110 ++++++++++++++ net-misc/hylafaxplus/hylafaxplus-7.0.2.ebuild | 160 +++++++++++++++++++++ 3 files changed, 271 insertions(+)
No open bugs. Let's try it.
x86 stable
amd64 stable Please cleanup.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ef2959f12a4402bf6050d6b5f4c07447d8aba5ac commit ef2959f12a4402bf6050d6b5f4c07447d8aba5ac Author: John Helmert III <jchelmert3@posteo.net> AuthorDate: 2020-07-22 17:04:39 +0000 Commit: Sam James <sam@gentoo.org> CommitDate: 2020-07-22 18:46:47 +0000 net-misc/hylafaxplus: Security cleanup Bug: https://bugs.gentoo.org/730290 Package-Manager: Portage-3.0.0, Repoman-2.3.23 Signed-off-by: John Helmert III <jchelmert3@posteo.net> Closes: https://github.com/gentoo/gentoo/pull/16781 Signed-off-by: Sam James <sam@gentoo.org> net-misc/hylafaxplus/Manifest | 2 - .../hylafaxplus/files/hylafax-cryptglibc.patch | 98 ------------ net-misc/hylafaxplus/hylafaxplus-5.5.5.ebuild | 177 --------------------- net-misc/hylafaxplus/hylafaxplus-5.6.1.ebuild | 162 ------------------- 4 files changed, 439 deletions(-)
This issue was resolved and addressed in GLSA 202007-06 at https://security.gentoo.org/glsa/202007-06 by GLSA coordinator Sam James (sam_c).