Bug 938542 (CVE-2023-49582) - <dev-libs/apr-1.7.5: Unexpected lax shared memory permissions
Summary: <dev-libs/apr-1.7.5: Unexpected lax shared memory permissions
Status: CONFIRMED
Alias: CVE-2023-49582
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
Whiteboard: B4 [cleanup glsa?]
Depends on: 941240
Reported: 2024-08-27 05:38 UTC by Hans de Graaff
Modified: 2024-10-13 22:10 UTC

Description Hans de Graaff gentoo-dev Security 2024-08-27 05:38:31 UTC
SECURITY: CVE-2023-49582: Apache Portable Runtime (APR):
     Unexpected lax shared memory permissions (cve.mitre.org)
     Lax permissions set by the Apache Portable Runtime library on
     Unix platforms would allow local users read access to named
     shared memory segments, potentially revealing sensitive
     application data.
     This issue does not affect non-Unix platforms, or builds with
     APR_USE_SHMEM_SHMGET=1 (apr.h)
     Users are recommended to upgrade to APR version 1.7.5, which
     fixes this issue.
     Credits: Thomas Stangner