[Buildroot] [PATCH v2] package/trousers: add upstream security fix
Peter Korsgaard
peter at korsgaard.com
Fri Aug 28 17:55:06 UTC 2020
>>>>> "Peter" == Peter Korsgaard <peter at korsgaard.com> writes:
> Fixes the following security issues:
> CVE-2020-24332
> If the tcsd daemon is started with root privileges,
> the creation of the system.data file is prone to symlink attacks
> CVE-2020-24330
> If the tcsd daemon is started with root privileges,
> it fails to drop the root gid after it is no longer needed
> CVE-2020-24331
> If the tcsd daemon is started with root privileges,
> the tss user has read and write access to the /etc/tcsd.conf file
> For details, see the advisory:
> https://www.openwall.com/lists/oss-security/2020/05/20/3
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> Changes since v1:
> - Add _IGNORE_CVES entry
Committed, thanks.
--
Bye, Peter Korsgaard
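
The symlink issue listed in the commit message above (CVE-2020-24332) belongs to a class that a root-started daemon avoids by refusing to follow a link at the final path component when it creates its state file. The C code below is an added example, not the upstream trousers fix or Buildroot code; `open_state_file`, `demo` and the throwaway `/tmp` paths are hypothetical names, and Linux `open(2)` semantics are assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open or create a daemon state file without following a symlink planted at
 * the final path component (O_NOFOLLOW does not cover parent directories,
 * which must not be writable by less-privileged users).
 * Returns an fd, or -1 with errno set. */
int open_state_file(const char *path)
{
    int fd = open(path, O_RDWR | O_CREAT | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (fd < 0)
        return -1;                      /* ELOOP on Linux if path is a symlink */
    struct stat st;
    /* Extra hardening: accept only a regular file with a single hard link. */
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Constructed self-check: returns 0 when a planted symlink is refused, its
 * target is left uncreated, and a fresh regular file is then accepted. */
int demo(void)
{
    char dir[] = "/tmp/statefileXXXXXX";
    char link_path[128], target[128];
    if (!mkdtemp(dir)) return 1;
    snprintf(link_path, sizeof link_path, "%s/system.data", dir);
    snprintf(target, sizeof target, "%s/victim", dir);
    int rc = 0;
    if (symlink(target, link_path) != 0) rc = 2;
    if (!rc && (open_state_file(link_path) >= 0 || errno != ELOOP)) rc = 3;
    if (!rc && access(target, F_OK) == 0) rc = 4;  /* link target not created */
    unlink(link_path);
    int fd = open_state_file(link_path);           /* no link now: must succeed */
    if (!rc && fd < 0) rc = 5;
    if (fd >= 0) close(fd);
    unlink(link_path); rmdir(dir);
    return rc;
}

int main(void) { printf("demo: %s\n", demo() == 0 ? "ok" : "failed"); return 0; }
```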