ALT-PU-2020-4235-1
Package kernel-modules-zfs-std-def updated to version 0.8.6-alt1.328788.1 for branch sisyphus in task 263619.
Closed vulnerabilities
Published: 2020-08-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-24716
OpenZFS before 2.0.0-rc1, when used on FreeBSD, allows execute permissions for all directories.
Severity: MEDIUM (4.6)Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107
Published: 2020-08-27
Modified: 2024-11-21
Modified: 2024-11-21
CVE-2020-24717
OpenZFS before 2.0.0-rc1, when used on FreeBSD, misinterprets group permissions as user permissions, as demonstrated by mode 0770 being equivalent to mode 0777.
Severity: HIGH (7.2)Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Severity: HIGH (7.8)Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References:
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107
- https://github.com/openzfs/zfs/commit/716b53d0a14c72bda16c0872565dd1909757e73f
- https://github.com/openzfs/zfs/compare/zfs-0.8.4...zfs-2.0.0-rc1
- https://jira.ixsystems.com/browse/NAS-107270
- https://reviews.freebsd.org/D26107