FEDORA-2018-89a3999673 created by pmatilai 2 years ago for Fedora 29
stable

An unfortunate regression in rpm 4.14.2 causes --setperms to behave incorrectly on symbolic links: file and directory permissions become world writable and executable on symlink targets. A similar flaw exists in --setugids, but it is less exploitable.

If you have used --setperms (or --setugids, or --restore) with rpm 4.14.2, you should ensure system integrity with rpm --verify before proceeding to correct any mixed up permissions and ownerships to avoid possibly giving suid capabilities to a modified binary.

Further details of the --setperms bug are available upstream: http://rpm.org/wiki/Releases/4.14.2.1

Note that this update cannot automatically fix possible damage done by using --setperms, --setugids or --restore with rpm 4.14.2; it merely fixes the functionality itself. Any damage needs to be investigated and fixed manually, such as by using --verify and --restore or reinstalling packages.
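
As an added example (not part of the advisory or of rpm itself), the shell functions below sort rpm --verify output into files whose content digest differs, which need investigation or reinstallation first, and files where only mode or ownership differs, which are candidates for --restore. The verdict labels and the sample paths are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm --verify` output before restoring permissions.
# Flag columns are S M 5 D L U G T P: col 2 = mode, col 3 = digest,
# col 6 = user, col 7 = group. An optional marker (c, d, g, l, r) precedes
# the path. Verdict names (PERMS, CONTENT, ...) are this example's own labels.
triage_verify() {
    awk '
    /^missing/ {
        sub(/^missing +([cdglr] +)?/, "")
        print "MISSING " $0
        next
    }
    length($0) > 9 {
        flags = substr($0, 1, 9)
        if (flags !~ /^[.?SM5DLUGTP]+$/) next    # not a verify line
        path = substr($0, 10); marker = ""
        sub(/^ +/, "", path)
        if (path ~ /^[cdglr] +\//) {
            marker = substr(path, 1, 1)
            sub(/^[cdglr] +/, "", path)
        }
        digest = substr(flags, 3, 1)
        perms = substr(flags, 2, 1) substr(flags, 6, 2)
        if (digest == "5" && marker == "c") print "CONFIG " path
        else if (digest == "5")             print "CONTENT " path
        else if (digest == "?")             print "UNREAD " path
        else if (perms ~ /[MUG]/)           print "PERMS " path
    }'
}

# Succeeds only when nothing needs investigation before `rpm --restore`.
safe_to_restore() {
    ! triage_verify | grep -Eq '^(CONTENT|UNREAD|MISSING) '
}

# Constructed sample input (not taken from a real system).
sample_verify_output() {
    cat <<'EOF'
.M.......    /usr/bin/example-tool
.M...UG..    /var/lib/example
S.5....T.  c /etc/example.conf
S.5....T.    /usr/sbin/example-daemon
missing      /usr/share/example/data.db
.......T.    /usr/lib/example/mod.so
EOF
}

# Typical use on a live system: rpm -Va | triage_verify
```

CONFIG lines are changed configuration files, which are usually local edits but still worth a look; CONTENT, UNREAD and MISSING lines should be resolved before any permission or ownership restore.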

How to install

sudo dnf upgrade --advisory=FEDORA-2018-89a3999673

This update has been submitted for testing by pmatilai.

2 years ago

pmatilai edited this update.

2 years ago

This update has been pushed to testing.

2 years ago
lnie commented & provided feedback 2 years ago

works as usual

besser82 commented & provided feedback 2 years ago

Works great! LGTM! =)

danniel commented & provided feedback 2 years ago

works

pmatilai edited this update.

2 years ago
renault commented & provided feedback 2 years ago

No regressions found

cserpentis commented & provided feedback 2 years ago

works for me

bojan commented & provided feedback 2 years ago

Works after upgrade from F28 to F29.

filiperosset commented & provided feedback 2 years ago

no regressions noted

mmarusak provided feedback 2 years ago

This update has been submitted for batched by pmatilai.

2 years ago

This update has been submitted for stable by bodhi.

2 years ago

This update has been pushed to stable.

2 years ago

Metadata
Type: security
Severity: high
Karma: 8
Signed
Content Type: RPM
Test Gating
Settings
Unstable by Karma: -3
Dates
submitted: 2 years ago
in testing: 2 years ago
in stable: 2 years ago
modified: 2 years ago