ports

sync/ports

Fork 0

mirror of https://git.freebsd.org/ports.git synced 2025-07-09 05:19:16 -04:00

Commit graph

Author	SHA1	Message	Date
Niclas Zeising	7671dd5ccb	security/trousers: fix security issues Fix three security issues in security/trousers: * CVE-2020-24332 If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks * CVE-2020-24330 If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed * CVE-2020-24331 If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file Add patches to fix potential use-after-free Fix build with -fno-common MFH: 2020Q3 Security: e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0	2020-08-18 23:23:22 +00:00

Author

SHA1

Message

Date

Niclas Zeising

7671dd5ccb

security/trousers: fix security issues

Fix three security issues in security/trousers:

* CVE-2020-24332
  If the tcsd daemon is started with root privileges,
  the creation of the system.data file is prone to symlink attacks

* CVE-2020-24330
  If the tcsd daemon is started with root privileges,
  it fails to drop the root gid after it is no longer needed

* CVE-2020-24331
  If the tcsd daemon is started with root privileges,
  the tss user has read and write access to the /etc/tcsd.conf file

Add patches to fix potential use-after-free
Fix build with -fno-common

MFH:		2020Q3
Security:	e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0

2020-08-18 23:23:22 +00:00

1 commit