Summary: | <app-admin/conky-1.8.1-r2: "/tmp/.cesf" Insecure Temporary File (CVE-2011-3616) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Paweł Hajdan, Jr. (RETIRED) <phajdan.jr> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | billie, brenden, dragonheart, slyfox |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Paweł Hajdan, Jr. (RETIRED)
2011-02-08 07:31:46 UTC
+*conky-1.8.1-r1 (11 Feb 2011) + + 11 Feb 2011; Daniel Pielmeier <billie@gentoo.org> +conky-1.8.1-r1.ebuild, + +files/conky-1.8.1-acpitemp.patch, +files/conky-1.8.1-secunia-SA43225.patch: + Revision bump to fix security bug #354061 and also bug #352012.

I have added an ebuild including a patch from upstream which should fix the issue. Upstream is still working on this, so the patch may change. I will report back here if there is a proper solution.

+*conky-1.8.1-r2 (12 Feb 2011) + + 12 Feb 2011; Daniel Pielmeier <billie@gentoo.org> -conky-1.8.1-r1.ebuild, + +conky-1.8.1-r2.ebuild, files/conky-1.8.1-secunia-SA43225.patch: + Updated patch security bug #354061.

Now there is a new patch which is supposed to be cleaner. The old one should have worked as well.

How do we proceed here? Shouldn't we stabilise 1.8.1-r2 as current stable (1.8.0-r1) is affected as well.

Arches, please stabilize =app-admin/conky-1.8.1-r2

USE="xmms2" pulled in media-sound/xmms2-0.7-r2 (masked by: ~amd64 keyword) we stabilize also it, or what?

xmms2 should be ready to go I guess but let's CC the maintainer and see what he thinks

(In reply to comment #7)
> xmms2 should be ready to go I guess but let's CC the maintainer and see what he
> thinks
>
Yeah. Stable in tree for more than a month without any known problems. (Actually there is one: CC=distcc, but I haven't managed to reproduce it). Feel free to stabilize media-sound/xmms2. Just be careful as it has a lot of deps. On amd64 you will need at least: media-sound/sidplay

amd64 ok
=app-admin/conky-1.8.1-r2
=media-sound/xmms2-0.7-r2
=media-sound/sidplay-2.0.9

amd64 done. Thanks Agostino

I tested these 3 packages on x86 and two things:

xmms2 should depend on dev-libs/libcdio for USE="cdda". Otherwise:
The following required plugin(s) failed to configure: cdda
 * ERROR: media-sound/xmms2-0.7-r2 failed:
 * 'waf configure' failed

xmms2 should also depend on net-dns/avahi(USE=+mdnsresponder-compat) for USE="avahi". Otherwise:
The following required optional(s) failed to configure: dns_sd
 * ERROR: media-sound/xmms2-0.7-r2 failed:
 * 'waf configure' failed

ppc done

(In reply to comment #12)
> ppc done
ppc/ppc64 stable

Stable on alpha.

stable x86, I fixed those (USE) dependency issues spotted by Andreas...thanks

alpha/sparc stable

Actually this needs xmms2 stable on alpha...

Stable on alpha:
=media-sound/mac-3.99.4.5.7
=media-libs/libofa-0.9.3
=media-libs/resid-0.16_p2
=media-sound/xmms2-0.7-r2
=app-admin/conky-1.8.1-r2

Thanks, everyone. GLSA Vote: yes.

Vote: YES. New GLSA request filed.

CVE identifier missing, can someone of the new scouts check if there is one and if not, request one?

Couldn't find any CVE for this - requested one.

Thanks. When you have requested a CVE, Sean, you can add "(CVE requested)" to the summary.

@maintainer, Please remove vulnerable version from the tree.

This was assigned CVE-2011-3616 - I don't have edit privileges to update the summary or alias.

(In reply to comment #25)
> This was assigned CVE-2011-3616 - I don't have edit privileges to update the
> summary or alias.
Thanks, Sean!

(In reply to comment #24)
> @maintainer, Please remove vulnerable version from the tree.
Done!

This issue was resolved and addressed in GLSA 201110-09 at http://security.gentoo.org/glsa/glsa-201110-09.xml by GLSA coordinator Stefan Behte (craig).

CVE-2011-3616 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3616): The getSkillname function in the eve module in Conky 1.8.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on /tmp/.cesf.