CVE-2021-45417 AIDE before 0.17.4 allows local users to obtain root privileges via crafted file metadata (such as XFS extended attributes or tmpfs ACLs), because of a heap-based buffer overflow.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=06cefe1606470b4b93e12aef21b1e9733c7e55c9

commit 06cefe1606470b4b93e12aef21b1e9733c7e55c9
Author:     Sam James <sam@gentoo.org>
AuthorDate: 2022-03-11 11:00:35 +0000
Commit:     Sam James <sam@gentoo.org>
CommitDate: 2022-03-11 11:01:01 +0000

    app-forensics/aide: add 0.17.4

    Closes: https://bugs.gentoo.org/771924
    Bug: https://bugs.gentoo.org/829268
    Bug: https://bugs.gentoo.org/831658
    Signed-off-by: Sam James <sam@gentoo.org>

 app-forensics/aide/Manifest | 1 +
 app-forensics/aide/aide-0.17.4.ebuild | 103 +++++++++++++++++++++
 app-forensics/aide/files/aide-0.17.4-bashism.patch | 58 ++++++++++++
 3 files changed, 162 insertions(+)
Please cleanup.
commit 543ee0f51eaf868f071970d49db6611643de7292
Author: Sam James <sam@gentoo.org>
Date:   Sun Apr 17 19:39:47 2022 +0100

    app-forensics/aide: drop 0.16.2_p20200614
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=f97b11254c2a162a6078c78cf6112e3d8844d792

commit f97b11254c2a162a6078c78cf6112e3d8844d792
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2023-11-25 08:24:47 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2023-11-25 08:25:21 +0000

    [ GLSA 202311-07 ] AIDE: Root Privilege Escalation

    Bug: https://bugs.gentoo.org/831658
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202311-07.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)