FS#52743 - [s-nail] Local root 0-day
Attached to Project:
Arch Linux
Opened by Pascal Ernster (hardfalcon) - Friday, 27 January 2017, 23:18 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 28 January 2017, 00:21 GMT
Opened by Pascal Ernster (hardfalcon) - Friday, 27 January 2017, 23:18 GMT
Last edited by Gaetan Bisson (vesath) - Saturday, 28 January 2017, 00:21 GMT
|
Details
Usually I wouldn't open a bug report for an outdated
package, but as this is a security vulnerability for local
root with a working exploit in the wild, I decided to make
an exception.
There's a working local root exploit for s-nail (which is in [core] and installed by default, and the CVE request explicitly names Archlinux and claims that this was fixed by upstream today: http://www.openwall.com/lists/oss-security/2017/01/27/7 https://www.sdaoden.eu/code-nail-ann.html |
This task depends upon
Closed by Gaetan Bisson (vesath)
Saturday, 28 January 2017, 00:21 GMT
Reason for closing: Not a bug
Additional comments about closing: I'm not moving stuff to [core] without signoffs.
Saturday, 28 January 2017, 00:21 GMT
Reason for closing: Not a bug
Additional comments about closing: I'm not moving stuff to [core] without signoffs.
Comment by Gaetan Bisson (vesath) -
Saturday, 28 January 2017, 00:20 GMT
Feel free to help by signing-off on s-nail-14.8.16-1 in [testing].