FS#59075 - [cantata] [Security] multiple issues (CVE-2018-12562 CVE-2018-12561 CVE-2018-12560 CVE-2018-12559)
Attached to Project:
Community Packages
Opened by Morten Linderud (Foxboron) - Tuesday, 19 June 2018, 22:07 GMT
Last edited by Antonio Rojas (arojas) - Wednesday, 20 June 2018, 06:39 GMT
Details
Summary
=======

The package cantata is vulnerable to multiple issues including access restriction bypass, arbitrary filesystem access and privilege escalation via CVE-2018-12562, CVE-2018-12561, CVE-2018-12560 and CVE-2018-12559.

Guidance
========

There hasn't been a new release yet, but the solution is to either remove D-Bus integration with the commit in master, or build without D-Bus.

References
==========

https://security.archlinux.org/AVG-721
https://github.com/CDrummond/cantata/commit/afc4f8315d3e96574925fb530a7004cc9e6ce3d3
http://www.openwall.com/lists/oss-security/2018/06/18/1
Closed by Antonio Rojas (arojas)
Wednesday, 20 June 2018, 06:39 GMT
Reason for closing: Fixed
Additional comments about closing: cantata 2.3.1-2