Bug 475452 (CVE-2008-5397)
| Summary: | CVE-2008-5397 tor: does not properly process User/Group configuration options (privilege escalation) | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Jan Lieskovsky <jlieskov> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED WORKSFORME | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | unspecified | CC: | rh-bugzilla |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://blog.torproject.org/blog/tor-0.2.0.32-released | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2008-12-09 10:23:09 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Jan Lieskovsky
2008-12-09 09:52:17 UTC
This issue affects the versions of the tor package, as shipped with Fedora releases of 8,9 and 10. Please upgrade to latest upstream version of apply the above patch. All current Fedora versions are already updated to upstream version 0.2.0.23: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-10954 https://admin.fedoraproject.org/updates/F9/FEDORA-2008-10989 https://admin.fedoraproject.org/updates/F10/FEDORA-2008-10991 (In reply to comment #2) > All current Fedora versions are already updated to upstream version 0.2.0.23: Bah, 0.2.0.32 that should be, of course... fwiw, this bug never affected any tor version shipped by fedora. There was always a patch like http://cvs.fedora.redhat.com/viewvc/rpms/tor/F-7/tor-0.1.1.26-setgroups.patch?revision=1.1&root=extras&view=markup dropping supplementary groups. |