Bug 45159

Summary:	app-admin/sysstat-5.0.2 version bump [ due to security issues ]
Product:	Gentoo Linux	Reporter:	Daniel Webert <rockoo>
Component:	New packages	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	enhancement
Priority:	High
Version:	unspecified
Hardware:	All
OS:	All
Whiteboard:
Package list:		Runtime testing required:	---

Description Daniel Webert 2004-03-19 13:12:50 UTC

app-admin/sysstat-5.0.2 version bump

Comment 1 Tim Yamin (RETIRED) gentoo-dev

2004-03-23 14:52:42 UTC

Sparc, PPC, and AMD64 teams: Can you please mark this stable on your architectures since there seems to be a security bug related with this: http://www.securityfocus.com/bid/9844/info/ - Thanks!

Comment 2 Jason Wever (RETIRED) gentoo-dev

2004-03-23 17:46:26 UTC

Stable on sparc.

Comment 3 Daniel Webert 2004-03-25 18:05:59 UTC

in portage

Comment 4 Tim Yamin (RETIRED) gentoo-dev

2004-03-26 08:21:49 UTC

PPC people still need to unmask this.

Comment 5 Tim Yamin (RETIRED) gentoo-dev

2004-04-02 12:53:08 UTC

This needs a nudge since this is a security issue and the PPC people haven't yet marked this as stable. Thanks...

Comment 6 Lars Weiler (RETIRED) gentoo-dev

2004-04-02 16:32:49 UTC

finally bumped stable on ppc.

Comment 7 Tim Yamin (RETIRED) gentoo-dev

2004-04-03 03:42:26 UTC

Thanks Pylon. Should we issue a GLSA for this or not - this seems to be a issue with an insecure /tmp symlink vulnerability?

Comment 8 Thierry Carrez (RETIRED) gentoo-dev

2004-04-06 07:49:14 UTC

Yes,
It allows overwriting files with the id of the user running the isag command (theorically, not root). I am not sure a GLSA is needed, but there was a RHSA and a DSA on the subject :

https://rhn.redhat.com/errata/RHSA-2004-093.html
http://www.debian.org/security/2004/dsa-460

If we do a GLSA, we should do it quickly :)
-K

Comment 9 Kurt Lieber (RETIRED) gentoo-dev

2004-04-07 04:55:54 UTC

GLSA 200404-04