1417828 – The return value from the call to 'setreuid' is not checked.

Bug 1417828 - The return value from the call to 'setreuid' is not checked.

Summary: The return value from the call to 'setreuid' is not checked.

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	amanda
Sub Component:
Version:	rawhide
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Josef Ridky
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1417830
TreeView+	depends on / blocked

Reported:	2017-01-31 08:14 UTC by Josef Ridky
Modified:	2017-02-15 20:53 UTC (History)
CC List:	5 users (show)
Fixed In Version:	amanda-3.4.2-1.fc24 amanda-3.4.2-1.fc25
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Clones:	1417830 (view as bug list)
Environment:
Last Closed:	2017-02-15 20:50:53 UTC
Type:	Bug
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
upstream patch (478 bytes, patch) 2017-01-31 08:14 UTC, Josef Ridky	no flags	Details \| Diff
View All

Description Josef Ridky 2017-01-31 08:14:55 UTC

Created attachment 1246112 [details]
upstream patch

Description of problem:
The return value from the call to 'setreuid' is not checked. If an error occurs in 'setreuid', the following code may execute with unexpected privileges

Version-Release number of selected component (if applicable):
3.3.3 - 3.4.1

Additional info:
Located in common-src/krb5-security.c:393:5
This issue has been reported to upstream. Upstream fix is attached.

Comment 1 Jason Tibbitts 2017-01-31 17:36:07 UTC

Note that the patch has been upstreamed in 3.4.2, which I have already built in rawhide.

Comment 2 Fedora Update System 2017-02-01 14:56:18 UTC

amanda-3.4.2-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec1e93b61f

Comment 3 Fedora Update System 2017-02-01 14:56:42 UTC

amanda-3.4.2-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5fcf946acc

Comment 4 Fedora Update System 2017-02-01 22:48:29 UTC

amanda-3.4.2-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5fcf946acc

Comment 5 Fedora Update System 2017-02-01 23:52:17 UTC

amanda-3.4.2-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec1e93b61f

Comment 6 Fedora Update System 2017-02-15 20:50:53 UTC

amanda-3.4.2-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2017-02-15 20:53:11 UTC

amanda-3.4.2-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.