---------------------------------------------------------------------
Fedora Legacy Test Update Notification
FEDORALEGACY-2005-2058
Bugzilla https://bugzilla.fedora.us/show_bug.cgi?id=2058
2005-02-17
---------------------------------------------------------------------

Name        : cdrtools
Versions    : rh9: cdrtools-2.0-11.9.3.legacy
Summary     : A collection of CD/DVD utilities.
Description : cdrtools is a collection of CD/DVD utilities.

---------------------------------------------------------------------
Update Information:

Updated cdrtools packages that fix a privilege escalation vulnerability are now available.
Max Vozeler found that the cdrecord program, when it is set suid root, fails to drop privileges when it executes a program specified by the user through the $RSH environment variable. This can be abused by a local attacker to obtain root privileges. In the default configuration of Red Hat Linux 9, the cdrecord program is not set suid root and this attack is not possible. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0806 to this issue.
Users of cdrtools are advised to upgrade to these errata packages, which contain a backported patch correcting this issue.

---------------------------------------------------------------------
Changelogs

---------------------------------------------------------------------
This update can be downloaded from:
  http://download.fedoralegacy.org/
(sha1sums)