ALT-PU-2015-1140-1
Package policycoreutils updated to version 2.3-alt1 for branch sisyphus in task 139819.
Closed vulnerabilities
Published: 2014-12-26
BDU:2015-09785
Уязвимость операционной системы Gentoo Linux, позволяющая злоумышленнику нарушить конфиденциальность, целостность и доступность защищаемой информации
References:
Published: 2014-05-08
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2014-3215
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user-ID value, which makes it easier for local users to gain privileges by leveraging a program that mistakenly expected that it could permanently drop privileges.
References:
- http://advisories.mageia.org/MGASA-2014-0251.html
- http://advisories.mageia.org/MGASA-2014-0251.html
- openSUSE-SU-2014:0749
- openSUSE-SU-2014:0749
- [oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare
- [oss-security] 20140429 local privilege escalation due to capng_lock as used in seunshare
- [oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare
- [oss-security] 20140430 Re: local privilege escalation due to capng_lock as used in seunshare
- [oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare
- [oss-security] 20140507 Re: local privilege escalation due to capng_lock as used in seunshare
- RHSA-2015:0864
- RHSA-2015:0864
- 59007
- 59007
- MDVSA-2015:156
- MDVSA-2015:156
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
- 67341
- 67341