inetutils: fix CVE-2023-40303 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Yogita Urade <yogita.urade@windriver.com>	2023-08-29 14:24:40 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-09-04 04:13:24 -1000
commit	cccf6723f3188ebe1da2a85c14f63e8a9a33e776 (patch)
tree	cd9228a79477e3a1e254c9952b1d4e484b29aeef /scripts/lib
parent	2f5d4fa3495bea5ed0a4232b14cdeba39f27b75e (diff)
download	poky-cccf6723f3188ebe1da2a85c14f63e8a9a33e776.tar.gz

inetutils: fix CVE-2023-40303

GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. Refernces: https://nvd.nist.gov/vuln/detail/CVE-2023-40303 (From OE-Core rev: b8e2dad0650b8a80e3d85e6d87fda1a0e2fb195f) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: