From the Secunia advisory at: http://secunia.com/advisories/43375/
Two security issues have been reported in resource-agents, which can
be exploited by malicious, local users to gain escalated privileges.
The security issues are caused due to the "SAPDatabase" and
"SAPInstance" scripts incorrectly setting the environment variable
LD_LIBRARY_PATH. This can be exploited to gain escalated privileges
by e.g. tricking a user into running the script in a directory
containing a malicious library.
@cluster, is =sys-cluster/resource-agents-1.0.4-r1 a suitable target for stabilization? I believe 1.0.4 contains this fix. Thanks.
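Added example, not part of the bug report or of the resource-agents code: a zero-length entry in LD_LIBRARY_PATH (leading, trailing or doubled colon) is read by the dynamic loader as the current working directory, which is a common way a script ends up loading libraries from wherever it is run. The sketch below audits a search-path value for such entries and shows an append form that does not create one; the function names and sample paths are hypothetical.

```shell
#!/bin/sh
# Added example. audit_lib_path / append_lib_path and all paths are hypothetical.

# Report risky entries in a colon-separated library search path.
# Returns 0 if every entry is an absolute path, 1 otherwise.
# An empty entry means "current directory" to the loader; a relative
# entry is resolved against the current directory as well.
audit_lib_path() {
    path=$1
    [ -z "$path" ] && return 0      # nothing to audit
    bad=0
    rest="$path:"                   # sentinel colon so the last entry is visited
    while [ -n "$rest" ]; do
        entry=${rest%%:*}           # text before the first colon
        rest=${rest#*:}             # text after the first colon
        case $entry in
            '') echo "empty entry (current directory)"; bad=1 ;;
            /*) ;;                  # absolute path: acceptable
            *)  echo "relative entry: $entry"; bad=1 ;;
        esac
    done
    return $bad
}

# Append a directory without introducing an empty entry.
# The unsafe form  LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/new"  yields ":/new"
# when the variable was unset or empty; ${var:+...} adds the separator
# only when there is an existing value.
append_lib_path() {
    current=$1
    new=$2
    printf '%s\n' "${current:+$current:}$new"
}

# Constructed sample values: the unsafe append versus the guarded one.
unsafe=":/opt/example/lib"
safe=$(append_lib_path "" /opt/example/lib)
audit_lib_path "$unsafe" || echo "unsafe value rejected: $unsafe"
audit_lib_path "$safe" && echo "safe value accepted: $safe"
```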
Please proceed with stabilization of =sys-cluster/resource-agents-1.0.4-r1
(In reply to comment #1)
> Please proceed with stabilization of =sys-cluster/resource-agents-1.0.4-r1
Great, thank you.
Arches, please test and mark stable:
Target keywords : "amd64 hppa x86"
posted bug 358883
amd64 done. Thanks Agostino
Stable for HPPA.
x86 stable. Closing. Thanks.
Thanks, folks. GLSA Vote: yes.
Vote: YES. New GLSA request filed.
This issue was resolved and addressed in
GLSA 201412-09 at http://security.gentoo.org/glsa/glsa-201412-09.xml
by GLSA coordinator Sean Amoss (ackle).