Source: opentmpfiles Version: 0.2+2019.05.21.git.44a55796ba-2 Severity: important Tags: security upstream Forwarded: https://github.com/OpenRC/opentmpfiles/issues/3 X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>
Hi, The following vulnerability was published for opentmpfiles. CVE-2017-18188[0]: | OpenRC opentmpfiles through 0.1.3, when the fs.protected_hardlinks | sysctl is turned off, allows local users to obtain ownership of | arbitrary files by creating a hard link inside a directory on which | "chown -R" will be run. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2017-18188 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18188 [1] https://github.com/OpenRC/opentmpfiles/issues/3 Regards, Salvatore
