Summary: | net-im/jabberd2: system executables owned by non-root user | | |
---|---|---|---|
Product: | Gentoo Security | Reporter: | Michael Orlitzky <mjo> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | maintainer-needed |
Priority: | Normal | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
See Also: | https://github.com/gentoo/gentoo/pull/8569 | | |
Whiteboard: | B1 [glsa+ cve] | | |
Package list: | | Runtime testing required: | --- |
Description
Michael Orlitzky
2017-08-31 01:42:49 UTC
Is this a Gentoo specific issue? It may be good to report upstream about this.

Gentoo Security Padawan
ChrisADR

The ebuild does,

    fowners jabber:jabber /usr/bin/{jabberd,router,sm,c2s,s2s}

so I doubt it's an upstream issue.

Either one takes care of deeply reviewing the ebuild and init files (due to other opened bugs affecting them) or this should be treecleaned (there is also a pending security issue revbump in other bug).

Package was removed via https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=b50a30689fca4c60d2b4e625f341daff116e51b6.

Added to an existing GLSA request filed.

CVE-2017-18225 was assigned for this issue.

This issue was resolved and addressed in GLSA 201803-07 at https://security.gentoo.org/glsa/201803-07 by GLSA coordinator Christopher Diaz Riveros (chrisadr).
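
A check for the condition this bug describes, as an added example that is not part of the original report or the ebuild: the hypothetical helper `audit_owners` flags any of the five binaries named in the `fowners` line that is not owned by the trusted uid or is group- or world-writable. It assumes GNU `stat` (coreutils).

```shell
#!/bin/sh
# Added example; audit_owners is a hypothetical helper, not Gentoo tooling.
# Usage: audit_owners DIR TRUSTED_UID NAME...
# Prints one line per finding and returns 1 if anything was flagged.
audit_owners() {
    dir=$1
    trusted_uid=$2
    shift 2
    rc=0
    for name in "$@"; do
        f=$dir/$name
        [ -e "$f" ] || continue        # not installed: nothing to audit
        # -L: judge the file a symlink resolves to, not the link itself
        uid=$(stat -L -c %u "$f")
        mode=$(stat -L -c %a "$f")
        if [ "$uid" -ne "$trusted_uid" ]; then
            echo "$f: owner uid $uid, expected $trusted_uid"
            rc=1
        fi
        # 022 = group-write | other-write; the leading 0 makes $mode octal
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            echo "$f: mode $mode is group- or world-writable"
            rc=1
        fi
    done
    return $rc
}

# The five paths from the fowners line in this report; root is uid 0.
audit_owners /usr/bin 0 jabberd router sm c2s s2s ||
    echo "flagged binaries should be root-owned and not group/world-writable" >&2
```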