Red Hat Bugzilla – Bug 127474
i18n package has files with world rwx permissions
Last modified: 2007-11-30 17:10:45 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7)
Description of problem:
While running the CIS benchmark against my system, it found numerous
files in /usr/lib/ooo-1.1/share/dict/ooo all owned by the i18n
sub-package that are world writeable/executable.
Version-Release number of selected component (if applicable):
UCARP allows a couple of hosts to share common virtual IP addresses in
order to provide automatic failover. It is a portable userland
implementation of the secure and patent-free Common Address Redundancy
Protocol (CARP, OpenBSD's alternative to the VRRP).
Steps to Reproduce:
1. ls -l /usr/lib/ooo-1.1/share/dict/ooo
jeez, copy-paste included the junk about CARP. Disregard that!
*** Bug 126612 has been marked as a duplicate of this bug. ***
Should be fixed in 1.1.2-1 and higher, coming soon
Fixing this for future releases is appreciated, but it's also a
security bug in the *current* release. Could you please prepare and
release an update for Fedora Core 2? Thank you.
An update came out for this today. Thanks!