---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2058
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2058
2005-02-17
---------------------------------------------------------------------

Name        : cdrtools
Versions    : rh9: cdrtools-2.0-11.9.3.legacy
Summary     : A collection of CD/DVD utilities.
Description : cdrtools is a collection of CD/DVD utilities.

---------------------------------------------------------------------
Update Information:
Updated cdrtools packages that fix a privilege escalation vulnerability are now available.
Cdrtools is a collection of CD/DVD utilities.
Max Vozeler found that the cdrecord program, when it is set suid root, fails to drop privileges when it executes a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. In the default configuration of Red Hat Linux 9, the cdrecord program is not set suid root and this attack is not possible. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0806 to this issue.
Users of cdrtools are advised to upgrade to these errata packages, which contain a backported patch correcting this issue.
---------------------------------------------------------------------
Changelogs
rh9:
* Sat Feb 12 2005 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 8:2.0-11.9.3.legacy
- added missing automake, libtool, libacl-devel and groff BuildRequires
* Fri Sep 10 2004 Marc Deslauriers <marcdeslauriers@xxxxxxxxxxxx> 8:2.0-11.9.2.legacy
- added rsh patch to fix CAN-2004-0806
---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)
rh9:
6ec40cf0eb0853bbb2cfe36d17349aaed55e82fa redhat/9/updates-testing/i386/cdda2wav-2.0-11.9.3.legacy.i386.rpm
ca6510d1737dcc5d2a7491d4b908999bd4cf9003 redhat/9/updates-testing/i386/cdrecord-2.0-11.9.3.legacy.i386.rpm
b524bf67a74450990cb95f249153c6e266acbf03 redhat/9/updates-testing/i386/cdrecord-devel-2.0-11.9.3.legacy.i386.rpm
291b49e8ab22b2d1f27052504b41bd1cd25a7c24 redhat/9/updates-testing/i386/mkisofs-2.0-11.9.3.legacy.i386.rpm
b138f4696e00faa674c141b8152337f87d6c01f6 redhat/9/updates-testing/SRPMS/cdrtools-2.0-11.9.3.legacy.src.rpm
---------------------------------------------------------------------
Please test and comment in bugzilla.
--
fedora-legacy-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-legacy-list