projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: ab0c98c) | patch
package/trousers: add upstream security fix
authorPeter Korsgaard <peter@korsgaard.com>
Mon, 24 Aug 2020 10:25:16 +0000 (12:25 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 28 Aug 2020 17:53:26 +0000 (19:53 +0200)
commite71be18354391055a0a21e06a78aaade25ea62d0
tree24fd4d478c63cf49642209cf2b4991713a32837dtree
parentab0c98cac861197f2b8b56f5216c0f1312f6209bcommit | diff
package/trousers: add upstream security fix

Fixes the following security issues:

CVE-2020-24332
If the tcsd daemon is started with root privileges,
the creation of the system.data file is prone to symlink attacks

CVE-2020-24330
If the tcsd daemon is started with root privileges,
it fails to drop the root gid after it is no longer needed

CVE-2020-24331
If the tcsd daemon is started with root privileges,
the tss user has read and write access to the /etc/tcsd.conf file

For details, see the advisory:
https://www.openwall.com/lists/oss-security/2020/05/20/3

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/trousers/0003-Correct-multiple-security-issues-that-are-present-if.patch [new file with mode: 0644] blob
package/trousers/trousers.mk diff | blob | history