Bug 908915
Summary: | CVE-2012-6120 Puppet: Directory /var/log/puppet is world readable [epel-all] | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Kurt Seifried <kseifried> |
Component: | puppet | Assignee: | Jeroen van Meeuwen <vanmeeuwen+fedora> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | el6 | CC: | apevec, jose.p.oliveira.oss, k.georgiou, ktdreyer, mastahnke, moses, tmz, vanmeeuwen+fedora |
Target Milestone: | --- | Keywords: | Security, SecurityTracking |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Release Note | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2013-03-18 14:24:09 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 908629 |
Description
Kurt Seifried
2013-02-07 20:47:44 UTC
Please use the following update submission link to create the Bodhi request for this issue as it contains the top-level parent bug(s) as well as this tracking bug. This will ensure that all associated bugs get updated when new packages are pushed to stable. Please also ensure that the "Close bugs when update is stable" option remains checked. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=908629,908915 Strange, that one was supposed to be fixed ages ago in bug 495096 and in spec I see: %attr(0750, puppet, puppet) %{_localstatedir}/log/puppet AFAICT, this is due to a behavior change in rpm. If it's going to cause security bugs, perhaps that's something that can be verified and fixed in rpm (unless I'm just wrong). See discussion in bug #857930 for details. A new build for epel confirms that this was a bug in either rpm or the buildsystem. The permissions on /var/log/puppet are now correct again, with no changes in the spec file. The fixed builds for epel are 2.6.18-1.el5 and 2.6.18-1.el6: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0664/puppet-2.6.18-1.el5 https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-0657/puppet-2.6.18-1.el6 |