Diffusion FreeBSD ports repository rP545264

security/trousers: fix security issues
rP545264
Actions

Tags

None

Referenced Files

None

Subscribers

None

Description

security/trousers: fix security issues

Fix three security issues in security/trousers:

CVE-2020-24332 If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks

CVE-2020-24330 If the tcsd daemon is started with root privileges, it fails to drop the root gid after it is no longer needed

CVE-2020-24331 If the tcsd daemon is started with root privileges, the tss user has read and write access to the /etc/tcsd.conf file

Add patches to fix potential use-after-free
Fix build with -fno-common

MFH: 2020Q3
Security: e37a0a7b-e1a7-11ea-9538-0c9d925bbbc0

Details

Provenance

Authored on

Parents

rP545263: vuxml: Document security issues in security/trousers

Branches

Unknown

Tags

Unknown

Event Timeline

zeising committed rP545264: security/trousers: fix security issues.Aug 18 2020, 11:23 PM

Changes (6)

Path

Size

head/

security/

trousers/

files/

patch-0a14b979.c

patch-10b33821.c

patch-c9b8c443.c

patch-e74dd1d9.c

patch-src_tcsd_svrside.c

rP545264

head/security/trousers/Makefile

Loading...

head/security/trousers/files/patch-0a14b979.c

Loading...

head/security/trousers/files/patch-10b33821.c

Loading...

head/security/trousers/files/patch-c9b8c443.c

Loading...

head/security/trousers/files/patch-e74dd1d9.c

Loading...

head/security/trousers/files/patch-src_tcsd_svrside.c

Loading...