Description of problem:
As noted in bug #894626 and in:
[1] http://www.openwall.com/lists/oss-security/2013/01/23/7
haproxy previously failed to drop supplementary groups properly when trying to drop root privileges. By itself this problem is not a security flaw, but still serious enough for the upstream fix:
[2] git.1wt.eu/web?p=haproxy.git;a=commitdiff;h=ab012dd3
to be backported into all of the affected versions.

Version-Release number of selected component (if applicable):
haproxy-1.4.22-1.fc16

How reproducible:
Always

Steps to Reproduce:
1. See https://bugzilla.redhat.com/show_bug.cgi?id=894626#c0 for further reproducer details

Actual results:
Supplementary groups are not dropped properly after setuid / setgid calls.

Expected results:
(All) Supplementary groups should be dropped when dropping root privileges.
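The expected behaviour described above, as an added C example (not haproxy's code and not the upstream patch): supplementary groups are cleared with setgroups() before setgid() and setuid(), and the result is verified afterwards. The function names and the sample group IDs are constructed for illustration.

```c
#define _DEFAULT_SOURCE          /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Count entries in a supplementary group list other than the intended gid. */
int count_leftover_groups(const gid_t *groups, int n, gid_t target_gid)
{
    int extra = 0;
    for (int i = 0; i < n; i++)
        if (groups[i] != target_gid)
            extra++;
    return extra;
}

/* Drop from root to uid/gid. Order matters: setgroups() and setgid() need
 * root, so both must run before setuid(). Returns 0 on success, -1 on failure;
 * the caller should exit on -1 rather than continue half-privileged. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t list[256];
    int n;

    if (setgroups(0, NULL) != 0) return -1;   /* clear supplementary groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;

    /* Verify the resulting identity instead of trusting return codes alone. */
    if (getuid() != uid || geteuid() != uid) return -1;
    if (getgid() != gid || getegid() != gid) return -1;
    n = getgroups(256, list);
    if (n < 0 || count_leftover_groups(list, n, gid) != 0) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be regainable */
    return 0;
}

int main(void)
{
    /* Constructed sample: groups 0 and 10 inherited from a root shell stay in
     * place when only setgid(1001)/setuid(1001) run without setgroups(). */
    gid_t inherited[] = { 0, 10, 1001 };
    printf("leftover groups without setgroups(): %d\n",
           count_leftover_groups(inherited, 3, 1001));
    return 0;
}
```

On a running system, the `Groups:` line in `/proc/<pid>/status` shows the same list that getgroups() returns for that process.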
Fedora 16 changed to end-of-life (EOL) status on 2013-02-12. Fedora 16 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora please feel free to reopen this bug against that version. Thank you for reporting this bug and we are sorry it could not be fixed.
haproxy-1.4.23-1.fc17 has been submitted as an update for Fedora 17. https://admin.fedoraproject.org/updates/haproxy-1.4.23-1.fc17