Bug 127474

Summary: i18n package has files with world rwx permissions
Product: [Fedora] Fedora Reporter: David Hollis <dhollis>
Component: openoffice.orgAssignee: Dan Williams <dcbw>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: rawhideCC: mattdm, p.van.egdom, valdis.kletnieks
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-10-21 23:03:40 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description David Hollis 2004-07-08 19:10:04 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Gecko/20040705 Firefox/0.9.1

Description of problem:
While running the CIS benchmark against my system, it found numerous
files in /usr/lib/ooo-1.1/share/dict/ooo all owned by the i18n
sub-package that are world writeable/executable.

Version-Release number of selected component (if applicable):
UCARP allows a couple of hosts to share common virtual IP addresses in
order to provide automatic failover. It is a portable userland
implementation of the secure and patent-free Common Address Redundancy
Protocol (CARP, OpenBSD's alternative to the VRRP).


How reproducible:

Steps to Reproduce:
1. ls -l /usr/lib/ooo-1.1/share/dict/ooo

Additional info:

Comment 1 David Hollis 2004-07-08 19:15:23 UTC
jeez, copy-paste included the junk about CARP.  Disregard that!

Comment 2 Dan Williams 2004-07-19 16:07:11 UTC
*** Bug 126612 has been marked as a duplicate of this bug. ***

Comment 3 Dan Williams 2004-07-19 16:07:40 UTC
Should be fixed in 1.1.2-1 and higher, coming soon

Comment 4 Matthew Miller 2004-10-09 16:45:45 UTC
Fixing this for future releases is appreciated, but it's also a
security bug in the *current* release. Could you please prepare and
release an update for Fedora Core 2? Thank you.

Comment 5 Matthew Miller 2004-10-21 23:03:40 UTC
An update came out for this today. Thanks!