Bug 1417828 - The return value from the call to 'setreuid' is not checked.
Summary: The return value from the call to 'setreuid' is not checked.
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: amanda
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Priority: unspecified
Severity: unspecified
Target Milestone: ---
Assignee: Josef Ridky
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: 1417830
Reported: 2017-01-31 08:14 UTC by Josef Ridky
Modified: 2017-02-15 20:53 UTC

Fixed In Version: amanda-3.4.2-1.fc24 amanda-3.4.2-1.fc25
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1417830 (view as bug list)
Environment:
Last Closed: 2017-02-15 20:50:53 UTC
Type: Bug


Attachments:
upstream patch (478 bytes, patch), 2017-01-31 08:14 UTC, Josef Ridky

Description Josef Ridky 2017-01-31 08:14:55 UTC
Created attachment 1246112
upstream patch

Description of problem:
The return value from the call to 'setreuid' is not checked. If an error occurs in 'setreuid', the following code may execute with unexpected privileges.

Version-Release number of selected component (if applicable):
3.3.3 - 3.4.1

Additional info:
Located in common-src/krb5-security.c:393:5
This issue has been reported to upstream. Upstream fix is attached.
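
The class of fix the report describes, shown as an added example (this is not the attached upstream patch and not amanda code): a UID switch that checks the return value of setreuid() and then verifies the resulting IDs before any further code runs. The helper name switch_uid_checked and the sample UID used in main() are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper (not amanda code): switch real and effective UID to
 * `target` and prove the switch happened. Returns 0 on success, -1 on error. */
int switch_uid_checked(uid_t target)
{
    /* (uid_t)-1 tells setreuid() to leave the ID unchanged, so the call
     * would "succeed" without changing anything. Reject it up front. */
    if (target == (uid_t)-1) {
        errno = EINVAL;
        return -1;
    }
    /* The check the bug report is about: setreuid() can fail (for example
     * with EPERM or EAGAIN), and on failure the IDs stay as they were. */
    if (setreuid(target, target) != 0)
        return -1;
    /* Verify the result instead of trusting the return value alone. */
    if (getuid() != target || geteuid() != target) {
        errno = EPERM;
        return -1;
    }
    /* After a switch to a non-root UID, regaining root must be impossible. */
    if (target != 0 && setuid(0) == 0) {
        errno = EPERM;
        return -1;
    }
    return 0;
}

int main(void)
{
    uid_t me = getuid();   /* constructed sample input: the caller's own UID */

    if (switch_uid_checked(me) != 0) {
        /* Fail closed: never continue with IDs that were not confirmed. */
        fprintf(stderr, "UID switch failed: %s\n", strerror(errno));
        return 1;
    }
    printf("running as uid %d\n", (int)geteuid());
    return 0;
}
```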

Comment 1 Jason Tibbitts 2017-01-31 17:36:07 UTC
Note that the patch has been upstreamed in 3.4.2, which I have already built in rawhide.

Comment 2 Fedora Update System 2017-02-01 14:56:18 UTC
amanda-3.4.2-1.fc25 has been submitted as an update to Fedora 25. https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec1e93b61f

Comment 3 Fedora Update System 2017-02-01 14:56:42 UTC
amanda-3.4.2-1.fc24 has been submitted as an update to Fedora 24. https://bodhi.fedoraproject.org/updates/FEDORA-2017-5fcf946acc

Comment 4 Fedora Update System 2017-02-01 22:48:29 UTC
amanda-3.4.2-1.fc24 has been pushed to the Fedora 24 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-5fcf946acc

Comment 5 Fedora Update System 2017-02-01 23:52:17 UTC
amanda-3.4.2-1.fc25 has been pushed to the Fedora 25 testing repository. If problems still persist, please make note of it in this bug report.
See https://fedoraproject.org/wiki/QA:Updates_Testing for
instructions on how to install test updates.
You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2017-ec1e93b61f

Comment 6 Fedora Update System 2017-02-15 20:50:53 UTC
amanda-3.4.2-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2017-02-15 20:53:11 UTC
amanda-3.4.2-1.fc25 has been pushed to the Fedora 25 stable repository. If problems still persist, please make note of it in this bug report.

