[Bug 46649] Re: Cron not checking setgid return value

Launchpad Bug Tracker Mon, 01 Jun 2009 11:01:15 -0700

This bug was fixed in the package cron - 3.0pl1-105ubuntu1.1

---------------
cron (3.0pl1-105ubuntu1.1) jaunty-security; urgency=low


  * SECURITY UPDATE: cron does not check the return code of setgid() and
    initgroups(), which under certain circumstances could cause applications
    to run with elevated group privileges. Note that the more serious issue
    of not checking the return code of setuid() was fixed in 3.0pl1-64.
    (LP: #46649)
    - do_command.c: check return code of setgid() and initgroups()
    - CVE-2006-2607

 -- Jamie Strandboge <ja...@ubuntu.com>   Tue, 12 May 2009 12:37:40
-0500

** Changed in: cron (Ubuntu Jaunty)
       Status: Fix Committed => Fix Released

** Changed in: cron (Ubuntu Intrepid)
       Status: Fix Committed => Fix Released

-- 
Cron not checking setgid return value
https://bugs.launchpad.net/bugs/46649
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 46649] Re: Cron not checking setgid return value

Reply via email to