635710 – <dev-db/mariadb-galera-10.0.32: root privilege escalation via "chown"

Bug 635710 - <dev-db/mariadb-galera-10.0.32: root privilege escalation via "chown"

Summary: <dev-db/mariadb-galera-10.0.32: root privilege escalation via "chown"

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	Normal trivial (vote)
Assignee:	Gentoo Security

URL:
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:
Blocks:	CVE-2017-15945
	Show dependency tree

Reported:	2017-10-28 17:54 UTC by Thomas Deutschmann (RETIRED)
Modified:	2017-10-28 18:22 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-28 17:54:56 UTC

This package uses eclasses which were vulnerable to root privilege escalation via "chown", see bug 630822 for details. The eclasses were fixed, however a rev bump is required to ensure that the vulnerability is completely removed.

Comment 1 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-28 18:00:07 UTC

Fixed through bump to >=dev-db/mariadb-galera-10.0.32. Repository is clean.

GLSA Vote: Yes (will be added to an existing GLSA for the other dev-db/* packages).

Comment 2 Thomas Deutschmann (RETIRED) gentoo-dev

2017-10-28 18:22:07 UTC

All done, repository is clean.