| Summary: | net-analyzer/net-snmp: insecure runpath | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | James Cloos <cloos> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | acs+gentoo, netmon |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | B2 [glsa] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 81745 | | |
| Attachments: | | | |

Description
James Cloos
2005-08-25 17:57:19 UTC
Created attachment 66893
log of emerge of net-snmp-5.2.1.2

incidentally, the relevant use flags are: [ebuild U ] net-analyzer/net-snmp-5.2.1.2 [5.2.1-r1] +X -doc +elf* +ipv6 -lm_sensors -minimal +perl +rpm* (-selinux) +smux* +ssl +tcpd

netmon herd, something needs to be fixed here...

something like this should solve it

$ cvs diff cvs diff: Diffing . Index: net-snmp-5.2.1.2.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/net-snmp-5.2.1.2.ebuild, v retrieving revision 1.10 diff -u -w -r1.10 net-snmp-5.2.1.2.ebuild --- net-snmp-5.2.1.2.ebuild 7 Aug 2005 09:12:46 -0000 1.10 +++ net-snmp-5.2.1.2.ebuild 2 Sep 2005 10:20:45 -0000 @@ -59,6 +59,9 @@ # bugs 68467 and 68254 sed -i -e 's;embed_perl="yes",;embed_perl=$enableval,;' configure.in \ || die "sed configure.in failed" + # bug 103776 + sed -i -e 's/\(@(cd perl ; $(MAKE)\)\() ; \\\)/\1 LD_RUN_PATH=\2/g' \ + Makefile.in || die "sed Makefile.in failed" # fix access violation in make check sed -i 's/\(snmpd.*\)-Lf/\1-l/' testing/eval_tools.sh || \ die "sed eval_tools.sh failed" cvs diff: Diffing files

sedfu is now present for each ebuild in cvs. Thanks Tavis.

This allows portage -> user-of-net-snmp privilege escalation.

ka0ttic: We'll need an ebuild revbump so that people with affected net-snmp things get rebuilt.

(In reply to comment #6)
> This allows portage -> user-of-net-snmp privilege escalation.
>
> ka0ttic: We'll need an ebuild revbump so that people with affected net-snmp
> things get rebuilt.

err forgot. a -r1 is in cvs.

-r1 seems to be stable on all arches, ready for GLSA.

GLSA 200509-05

*** Bug 118245 has been marked as a duplicate of this bug. ***
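
Review bot: the sed added on Makefile.in under "# bug 103776" is guarded only by "|| die", but sed -i exits 0 when its pattern matches nothing, so if a later net-snmp release changes the "@(cd perl ; $(MAKE)) ; \" line this substitution becomes a silent no-op and the build goes ahead without the LD_RUN_PATH= override. Suggest following it with an explicit check, for example grep -q 'LD_RUN_PATH=' Makefile.in || die "LD_RUN_PATH fix not applied", so a non-matching pattern fails the ebuild instead of shipping the runpath again. The comment would also be more useful if it said that the sed clears LD_RUN_PATH for the perl sub-make, since the bug number alone does not explain the regex.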