| Summary: | <sys-process/bcron-0.10: bcron-exec File Descriptor Handling Security Issue (CVE-2012-6110) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | cron-bugs+disabled |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | https://secunia.com/advisories/51793/ | | |
| Whiteboard: | B3 [noglsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 569020 | | |
| Bug Blocks: | | | |

Description
Agostino Sarubbo
2013-01-21 10:06:19 UTC
CVE-2012-6110 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-6110): bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

Ping for update. 2013 issue, still vulnerable.

Maintainer(s): after the bump please let us know when the ebuild is ready for stabilization.

*** Bug 467922 has been marked as a duplicate of this bug. ***

commit 251b45bcf6a46407dc82ae70cf11a33c08c9b14d
Author: Sergey Popov <pinkbyte@gentoo.org>
Date: Sat Oct 24 20:48:36 2015 +0300

sys-process/bcron: version bump

Non-maintainer commit, due to security reasons
Port to EAPI 5, add epatch user

Gentoo-Bug: 453310
Package-Manager: portage-2.2.20

@arches, please stabilize.
@maintainers, after stabilization please remove vulnerable versions.

TARGET KEYWORDS: amd64 and x86.

sys-process/bcron/bcron-0.10.ebuild: DEPEND: amd64(default/linux/amd64/13.0) ['>=dev-libs/bglibs-1.106']

Deal with that first

Only issues repoman is reporting here are an upstream workaround and deprecated EAPI's in <sys-process/bcron-0.10. Those will be fixed on cleanup after stabilization.

CC back arches when 569020 is resolved

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please vote.

GLSA Vote: No.

@maintainer(s), please cleanup the vulnerable versions.
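
The descriptor handling issue described in the CVE text at the top of this bug, as an added C example that is not bcron's code and not taken from this report: a parent opens a temporary file, starts a "job" with fork and exec, and the job checks whether the parent's descriptor is still open in it, first with default flags and then with FD_CLOEXEC set. The function name `job_inherits_tmp_fd`, the temporary file path and the shell probe are assumptions made for the illustration, and the probe assumes Linux with /proc mounted and /bin/sh present.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper (not from bcron). Returns 1 if a program exec'd by a
 * child still holds the parent's temporary-file descriptor, 0 if it does
 * not, -1 on error. cloexec != 0 marks the descriptor close-on-exec first. */
int job_inherits_tmp_fd(int cloexec)
{
    char path[] = "/tmp/fdleak-demo-XXXXXX";   /* constructed sample file */
    int result = -1, status = 0;
    int fd = mkstemp(path);                    /* opened without O_CLOEXEC */
    if (fd < 0)
        return -1;

    if (!cloexec || fcntl(fd, F_SETFD, FD_CLOEXEC) == 0) {
        /* The "job": a shell that tests whether descriptor fd is open in it. */
        char probe[64];
        snprintf(probe, sizeof probe, "[ -e /proc/self/fd/%d ]", fd);

        pid_t pid = fork();
        if (pid == 0) {
            execl("/bin/sh", "sh", "-c", probe, (char *)NULL);
            _exit(127);                        /* exec itself failed */
        }
        if (pid > 0 && waitpid(pid, &status, 0) == pid &&
            WIFEXITED(status) && WEXITSTATUS(status) != 127)
            result = (WEXITSTATUS(status) == 0);   /* 0: fd was inherited */
    }

    close(fd);
    unlink(path);
    return result;
}

int main(void)
{
    printf("default descriptor visible to job:       %d\n",
           job_inherits_tmp_fd(0));
    printf("close-on-exec descriptor visible to job: %d\n",
           job_inherits_tmp_fd(1));
    return 0;
}
```

Opening such files with O_CLOEXEC in the first place (for example via `mkostemp`) avoids the window between open and `fcntl` in multi-threaded programs.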