From the Secunia advisory at: http://secunia.com/advisories/43375/

Two security issues have been reported in resource-agents, which can be exploited by malicious, local users to gain escalated privileges. The security issues are caused due to the "SAPDatabase" and "SAPInstance" scripts incorrectly setting the environment variable LD_LIBRARY_PATH. This can be exploited to gain escalated privileges by e.g. tricking a user into running the script in a directory containing a malicious library.

@cluster, is =sys-cluster/resource-agents-1.0.4-r1 a suitable target for stabilization? I believe 1.0.4 contains this fix. Thanks.
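The bug class named in the advisory, shown as an added example that is not part of the original report or of the resource-agents code. The advisory does not say how the scripts set the variable, so this assumes the common pattern of appending to a possibly empty LD_LIBRARY_PATH, which leaves an empty element that glibc's loader resolves to the current directory; the function names and `/opt/example/lib` are constructed for illustration.

```shell
#!/bin/sh
# Assumed bug pattern: "$LD_LIBRARY_PATH:$dir". With an empty starting value
# the result begins with ':' and the empty element means "current directory".
unsafe_append() {
    # $1 = current path list, $2 = directory to add
    printf '%s\n' "$1:$2"
}

# Hardened form: emit the separator only when there is an existing value.
safe_append() {
    printf '%s\n' "${1:+$1:}$2"
}

# Audit check: succeeds (0) when the list has an empty or relative element,
# i.e. one the loader would resolve against the working directory.
has_unsafe_element() {
    # A wholly empty value is ignored by the loader, so it is not flagged.
    [ -n "$1" ] || return 1
    case "$1" in
        :*|*:|*::*) return 0 ;;   # leading, trailing or doubled colon
    esac
    rest=$1
    while [ -n "$rest" ]; do
        d=${rest%%:*}             # first element of the remaining list
        case "$d" in
            /*) ;;                # absolute path: fine
            *)  return 0 ;;       # ".", "lib", etc. depend on cwd
        esac
        case "$rest" in
            *:*) rest=${rest#*:} ;;
            *)   rest= ;;
        esac
    done
    return 1
}

# Constructed demo: both helpers starting from an empty LD_LIBRARY_PATH.
for v in "$(unsafe_append "" /opt/example/lib)" \
         "$(safe_append "" /opt/example/lib)"; do
    if has_unsafe_element "$v"; then
        echo "UNSAFE: '$v'"
    else
        echo "ok:     '$v'"
    fi
done
```

The same check can be run over the value a wrapper script exports before it starts a privileged process.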
Please proceed with stabilization of =sys-cluster/resource-agents-1.0.4-r1
(In reply to comment #1)
> Please proceed with stabilization of =sys-cluster/resource-agents-1.0.4-r1

Great, thank you.

Arches, please test and mark stable:
=sys-cluster/resource-agents-1.0.4-r1
Target keywords : "amd64 hppa x86"
posted bug 358883
amd64 ok
amd64 done. Thanks Agostino
Stable for HPPA.
x86 stable. Closing. Thanks.
sorry...
Thanks, folks. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
This issue was resolved and addressed in GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml by GLSA coordinator Sean Amoss (ackle).