Summary: | <media-sound/banshee-1.8.0-r1: Insecure LD_LIBRARY_PATH Processing (CVE-2010-3998) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Tim Sammut (RETIRED) <underling> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | dotnet, gstreamer, jlec, tomka |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://download.banshee.fm/banshee/unstable/1.9.0/banshee-1-1.9.0.news | ||
Whiteboard: | B4 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Tim Sammut (RETIRED)
2010-11-15 05:03:45 UTC
Added upstream patch to fix this [1] in 1.8.0-r1 and removed 1.8.0 from tree. Is there anything else that needs to be done to mark this fixed?

[1] http://git.gnome.org/browse/banshee/commit/?h=stable-1.8&id=835c37e99196303195c88932169b73e975115e52

Great, thank you, Arun. We also need to do stabilization, and since this is a security bug, we keep it open until we either publish a GLSA or decide we are not going to.

Arches, please test and mark stable:
=media-sound/banshee-1.8.0-r1
Target keywords : "amd64 x86"

Also:
=media-plugins/banshee-community-extensions-1.8.0
will need to go stable as current stable doesn't work with banshee-1.8

(In reply to comment #3)
> =media-plugins/banshee-community-extensions-1.8.0

This has a missing dependency lirc? ( app-misc/lirc )
Otherwise all fine. I'm ready to go on x86 as soon as you added it or told me to do it myself.

(In reply to comment #4)
> Otherwise all fine. I'm ready to go on x86 as soon as you added it or told me
> to do it myself.
>

Please add it yourself as I don't have much time right now (and thanks a lot for finding that missing dep)

Dependency added, x86 done.

ok on amd64!

(In reply to comment #3)
> Also:
> =media-plugins/banshee-community-extensions-1.8.0
>
> will need to go stable as current stable doesn't work with banshee-1.8
>

amd64 done. Thanks Agostino.

@Pacho why don't you force this version inside the banshee ebuild?

Thanks, folks. GLSA Vote: Yes.

Vote: YES, glsa request filed.

CVE-2010-3998 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-3998): The (1) banshee-1 and (2) muinshee scripts in Banshee 1.8.0 and earlier place a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: Banshee might also be affected using GST_PLUGIN_PATH.

That version seems to be gone for a long time.

This issue was resolved and addressed in GLSA 201402-05 at http://security.gentoo.org/glsa/glsa-201402-05.xml by GLSA coordinator Sergey Popov (pinkbyte).
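
The CVE text in this report describes a zero-length directory name ending up in LD_LIBRARY_PATH. The following is an added example, not Banshee's wrapper script or the upstream patch: it shows one common way a launcher script produces such an entry, the parameter-expansion idiom that avoids it, and a check and cleanup for empty entries. `APP_LIBDIR` and all function names are hypothetical.

```shell
#!/bin/sh
# Added illustration with constructed values; not code from Banshee.
APP_LIBDIR=/usr/lib/example-app   # hypothetical private library directory

# Unsafe: if the inherited value ($1) is empty, the result ends in ":".
# The dynamic loader reads that zero-length entry as the current directory.
build_path_unsafe() {
    printf '%s\n' "$APP_LIBDIR:$1"
}

# Hardened: emit the separator only when there is a value to append.
build_path_safe() {
    printf '%s\n' "$APP_LIBDIR${1:+:$1}"
}

# Return 0 if a colon-separated list holds a zero-length entry
# (leading colon, trailing colon, or two colons in a row).
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Drop zero-length entries from an inherited list before reusing it.
strip_empty_entries() {
    old_ifs=$IFS
    out=
    set -f            # no globbing while the list is split
    IFS=:
    for entry in $1; do
        if [ -n "$entry" ]; then
            out="${out:+$out:}$entry"
        fi
    done
    IFS=$old_ifs
    set +f
    printf '%s\n' "$out"
}

# Demonstration with an empty inherited value (constructed input).
for candidate in "$(build_path_unsafe '')" "$(build_path_safe '')"; do
    if has_empty_entry "$candidate"; then
        echo "UNSAFE: '$candidate' contains an empty entry"
    else
        echo "ok:     '$candidate'"
    fi
done
```

The same check applies to other colon-separated search paths that a launcher script extends, such as the GST_PLUGIN_PATH variable mentioned in the CVE note.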