Your message dated Wed, 04 Dec 2024 21:12:23 +0000
with message-id <e1tiwfx-00crj6...@fasolo.debian.org>
and subject line Bug#1088635: fixed in tuned 2.24.1-1
has caused the Debian Bug report #1088635,
regarding tuned: CVE-2024-52336 CVE-2024-52337
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
1088635: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088635
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Source: tuned
Version: 2.24.0-1
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Hi,
The following vulnerabilities were published for tuned.
CVE-2024-52336[0]:
| A script injection vulnerability was identified in the Tuned
| package. The `instance_create()` D-Bus function can be called by
| locally logged-in users without authentication. This flaw allows a
| local non-privileged user to execute a D-Bus call with `script_pre`
| or `script_post` options that permit arbitrary scripts with their
| absolute paths to be passed. These user or attacker-controlled
| executable scripts or programs could then be executed by Tuned with
| root privileges, which could allow attackers local privilege
| escalation.
CVE-2024-52337[1]:
| A log spoofing flaw was found in the Tuned package due to improper
| sanitization of some API arguments. This flaw allows an attacker to
| pass a controlled sequence of characters; newlines can be inserted
| into the log. Instead of the 'evil' the attacker could mimic a valid
| TuneD log line and trick the administrator. The quotes '' are
| usually used in TuneD logs citing raw user input, so there will
| always be the ' character ending the spoofed input, and the
| administrator can easily overlook this. This logged string is later
| used in logging and in the output of utilities, for example,
| `tuned-adm get_instances` or other third-party programs that use
| Tuned's D-Bus interface for such operations.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2024-52336
https://www.cve.org/CVERecord?id=CVE-2024-52336
[1] https://security-tracker.debian.org/tracker/CVE-2024-52337
https://www.cve.org/CVERecord?id=CVE-2024-52337
[2] https://www.openwall.com/lists/oss-security/2024/11/28/1
Regards,
Salvatore
--- End Message ---
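The two flaws above come down to missing input validation on D-Bus method arguments and missing authorization on the script hook options. The following is an added illustration of what such "sanity checks for API method parameters" look like; it is not tuned's own code, and the option names, log format, caller-authorization flag and sample values are assumptions made for the example.

```python
import re

# Hypothetical validator (not tuned's code): reject any control character,
# including newline and carriage return, in a string received over D-Bus.
# A value that passes cannot split or forge a log line when quoted in a log.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def validate_api_arg(name, value):
    """Return value unchanged, or raise ValueError if it is not a clean string."""
    if not isinstance(value, str):
        raise ValueError("%s must be a string" % name)
    if _CONTROL_CHARS.search(value):
        raise ValueError("%s contains control characters" % name)
    return value

# Options that make the daemon run a program as root. Assumed policy for this
# example: only an administratively authorized caller may set them.
_PRIVILEGED_OPTIONS = frozenset({"script_pre", "script_post"})

def validate_instance_options(options, caller_is_admin):
    """Validate an instance_create()-style options dict; raise on unsafe input."""
    checked = {}
    for key, value in options.items():
        validate_api_arg("option name", key)
        validate_api_arg(key, value)
        if key in _PRIVILEGED_OPTIONS and not caller_is_admin:
            raise PermissionError("option %r requires administrative authorization" % key)
        checked[key] = value
    return checked

def log_lines_for(instance_name):
    """Show why the check matters: an unvalidated name with a newline in it
    turns one log record into several lines in the log file."""
    # Constructed log format that cites raw user input in quotes.
    record = "INFO     daemon: created instance '%s'" % instance_name
    return record.splitlines()
```

Calling `validate_api_arg` on every string argument before it is stored or logged is the point; the quoting in the log line is no protection once a newline is inside the value.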
--- Begin Message ---
Source: tuned
Source-Version: 2.24.1-1
Done: Evgeni Golov <evg...@debian.org>
We believe that the bug you reported is fixed in the latest version of
tuned, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 1088...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Evgeni Golov <evg...@debian.org> (supplier of updated tuned package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Wed, 04 Dec 2024 21:07:45 +0100
Source: tuned
Architecture: source
Version: 2.24.1-1
Distribution: unstable
Urgency: medium
Maintainer: Evgeni Golov <evg...@debian.org>
Changed-By: Evgeni Golov <evg...@debian.org>
Closes: 1088635
Changes:
tuned (2.24.1-1) unstable; urgency=medium
.
* New upstream release (Closes: #1088635)
* fixed privileged execution of arbitrary scripts by active local user
CVE-2024-52336
* added sanity checks for API methods parameters
CVE-2024-52337
--- End Message ---