| Summary: | <app-shells/autojump-21.3.0-r1: autojump profile will load random stuff from a directory called custom_install (CVE-2013-2012) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | trivial | CC: | xmw |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://www.openwall.com/lists/oss-security/2013/04/25/13 | ||
| Whiteboard: | ~4 [noglsa] | ||
| Package list: | Runtime testing required: | --- | |
+*autojump-21.3.0-r1 (04 May 2013) + + 04 May 2013; Michael Weber <xmw@gentoo.org> +autojump-21.3.0-r1.ebuild, + +files/autojump-21.3.0-supported-shells.patch, -autojump-21.3.0.ebuild: + Drop old, fix infinity loop sourcing shell=sh (thanks Kamil Kuduk, bug + 446312), prefix support (thanks Leho Kraav, bug 465226), fix security issue + (bug 467262). + Closing noglsa for ~arch only. |
From ${URL} : a security flaw was found in the way autojump, a tool for faster filesystem navigation from the command line, used to honour content of custom_install directory when global and local autojump installations were not found, and $SHELL variable was unset or set to different value than bash or zsh. If an unsuspecting autojump user was tricked into running autojump script from the directory a local attacker has write access to, this flaw could be used for arbitrary (Python) code execution with the privileges of the user running the autojump binary / script. Relevant (final) upstream patches are as follows: [1] https://github.com/joelthelion/autojump/commit/ad09ee27d402be797b3456abff6edeb4291edfec [2] https://github.com/joelthelion/autojump/commit/c763b2afadb188ab52849c21d43d2e8fe5b8800a References: [3] https://bugzilla.redhat.com/show_bug.cgi?id=950777 @maintainer(s): after the bump, in case we need to stabilize the package, please say explicitly if it is ready for the stabilization or not