List: oss-security
Subject: [oss-security] CVE request: enlightenment sysactions
From: Martin Carpenter <mcarpenter () free ! fr>
Date: 2014-01-30 22:30:51
Message-ID: 1391121051.4051.34.camel () juliet ! mcarpenter ! org
Hi,
Red Hat Security suggested I request a CVE here since this potentially
affects multiple distros/maintainers. The Enlightenment window manager
(enlightenment.org) was found to ship with (a) a setuid root helper that
did not effectively sanitize its environment and (b) a weak default
configuration. Users in select groups could exploit this to execute
arbitrary programs as root.
This was fixed upstream in 3 commits each for both e17 and e18 branches,
with two new releases shipped shortly after:
0.17.6, Dec 4th 2013: [1], [2], [3]
0.18.0, Dec 21st 2013: [4], [5], [6]
Fedora has a bug filed against it at [7] referencing the e18 commits.
Thanks,
Martin.
[1] https://git.enlightenment.org/core/enlightenment.git/commit/?id=ea605237bb64ee09341121461b3d2c0f5dbe832d
[2] https://git.enlightenment.org/core/enlightenment.git/commit/?id=126afd0fda493deec8398088e6e928b4d2e5f463
[3] https://git.enlightenment.org/core/enlightenment.git/commit/?id=8cabf2708520539cf25ca0a876f9c044f6d56a77
[4] https://git.enlightenment.org/core/enlightenment.git/commit/?id=9456e88504cb5daddbac3f49373a3a9a8577e27a
[5] https://git.enlightenment.org/core/enlightenment.git/commit/?id=666df815cd86a50343859bce36c5cf968c5f38b0
[6] https://git.enlightenment.org/core/enlightenment.git/commit/?id=bb4a21e98656fe2c7d98ba2163e6defe9a630e2b
[7] https://bugzilla.redhat.com/show_bug.cgi?id=1059410