Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 897706 (CVE-2022-3560) - <app-crypt/pesign-116: root privilege escalation via symlink following
Summary: <app-crypt/pesign-116: root privilege escalation via symlink following
Alias: CVE-2022-3560
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial (vote)
Assignee: Gentoo Security
Whiteboard: ~1 [cleanup]
Depends on:
Reported: 2023-02-25 16:43 UTC by John Helmert III
Modified: 2023-10-04 16:51 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-02-25 16:43:46 UTC

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

RedHat managed to make the CVE itself completely opaque, but there's
more information on oss-security:

But even these don't say that the fixed version is 116. It's not in
the release notes either:

But it is noted in the relase commit:

The fix itself is
Comment 1 Larry the Git Cow gentoo-dev 2023-10-04 16:50:19 UTC
The bug has been referenced in the following commit(s):

commit 611739f6d355367906a758a61282ecce8ed82f7a
Author:     Sam James <>
AuthorDate: 2023-10-04 16:02:49 +0000
Commit:     Sam James <>
CommitDate: 2023-10-04 16:47:15 +0000

    app-crypt/pesign: add 116
    Signed-off-by: Sam James <>

 app-crypt/pesign/Manifest                         |  1 +
 app-crypt/pesign/files/pesign-116-no-werror.patch | 11 +++++
 app-crypt/pesign/pesign-116.ebuild                | 57 +++++++++++++++++++++++
 3 files changed, 69 insertions(+)