> vulnerability in seatd-launch shipped as part of seatd release 0.6.0, 0.6.1, > 0.6.2 and 0.6.3. > The vulnerability was fixed in seatd release 0.6.4. > If seatd-launch had the SUID bit set, this could be used by a malicious > user to remove files with the privileges of the owner of seatd-launch, > which is likely root, and replace it with a user-owned domain socket. seatd-launch isn't with the SUID bit set in gentoo package but users are very likely to set it to effectively use it without being root. seatd-0.6.4 is already in ::gentoo but seatd-0.6.2-r1 and 0.6.3 need to be cleared and the latter has been stabilized.
Thanks, please stabilize 0.6.4!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2311f91b8a0186879719473701e34a6351c0c5fd commit 2311f91b8a0186879719473701e34a6351c0c5fd Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2022-02-25 15:46:11 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2022-02-25 15:46:43 +0000 sys-auth/seatd: drop 0.5.0, 0.5.0-r1, 0.6.2-r1 Bug: https://bugs.gentoo.org/833950 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> sys-auth/seatd/Manifest | 2 -- sys-auth/seatd/seatd-0.5.0-r1.ebuild | 53 --------------------------------- sys-auth/seatd/seatd-0.5.0.ebuild | 48 ------------------------------ sys-auth/seatd/seatd-0.6.2-r1.ebuild | 57 ------------------------------------ 4 files changed, 160 deletions(-)
I have done partial cleanup, and opened stabilization bug for 0.6.4 Thanks!
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06fb3060f47319e243bc983fd3b89bb7d6c505d0 commit 06fb3060f47319e243bc983fd3b89bb7d6c505d0 Author: Arthur Zamarin <arthurzam@gentoo.org> AuthorDate: 2022-02-25 21:03:26 +0000 Commit: Arthur Zamarin <arthurzam@gentoo.org> CommitDate: 2022-02-25 21:03:26 +0000 sys-auth/seatd: drop 0.6.3 Bug: https://bugs.gentoo.org/833950 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org> sys-auth/seatd/Manifest | 1 - sys-auth/seatd/seatd-0.6.3.ebuild | 57 --------------------------------------- 2 files changed, 58 deletions(-)
Thanks! This vulnerability isn't triggerable via a default installation of seatd, so no GLSA. All done!