Debian alert DLA-1069-1 (tenshi)
From: Lucas Kanashiro <kanashiro@debian.org>
To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 1069-1] tenshi security update
Date: Sun, 27 Aug 2017 15:35:56 -0300
Message-ID: <20170827183551.a5yw7r37wqk3skwp@riseup.net>

Package        : tenshi
Version        : 0.13-2+deb7u1
CVE ID         : CVE-2017-11746
Debian Bug     : 871321

Tenshi creates a tenshi.pid file after dropping privileges to a non-root
account, which might allow local users to kill arbitrary processes by
leveraging access to this non-root account for tenshi.pid modification
before a root script executes a "kill `cat /pathname/tenshi.pid`" command.

For Debian 7 "Wheezy", these problems have been fixed in version
0.13-2+deb7u1.

We recommend that you upgrade your tenshi packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
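
A defensive check for the root-side `kill` the advisory describes, as an added example (not tenshi's or Debian's code, and not the packaged fix): before signalling, a root script confirms that the PID file and its directory are owned by the trusted UID and not writable by anyone else, that the content is a single plausible PID, and that the PID belongs to the expected process. The function names, the `tenshi` process name in the usage comment, GNU `stat` and a Linux `/proc` are assumptions.

```shell
#!/bin/sh
# Added example: validate a PID file before a root script signals the PID in it.

# path_locked PATH UID: PATH is owned by UID and not group/other writable.
path_locked() {
    meta=$(stat -c '%u %a' -- "$1" 2>/dev/null) || return 1
    owner=${meta% *}
    mode=${meta#* }
    [ "$owner" = "$2" ] && [ $(( 0$mode & 022 )) -eq 0 ]
}

# safe_pid PIDFILE UID COMM: print the PID only if every check passes.
safe_pid() {
    pidfile=$1 uid=$2 comm=$3
    # Regular file only; a symlink could point at a file someone else controls.
    [ -f "$pidfile" ] && [ ! -L "$pidfile" ] || return 1
    # Neither the file nor its directory may be modifiable by another account.
    path_locked "$pidfile" "$uid" || return 1
    path_locked "$(dirname -- "$pidfile")" "$uid" || return 1
    # First line must be digits only; reject 0 (process group) and 1 (init).
    IFS= read -r pid < "$pidfile" || [ -n "$pid" ] || return 1
    case $pid in ''|*[!0-9]*) return 1 ;; esac
    [ "$pid" -gt 1 ] || return 1
    # The PID must currently belong to the daemon we intend to stop.
    [ "$(cat "/proc/$pid/comm" 2>/dev/null)" = "$comm" ] || return 1
    printf '%s\n' "$pid"
}

# stop_daemon PIDFILE UID COMM: checked replacement for kill `cat PIDFILE`.
stop_daemon() {
    pid=$(safe_pid "$1" "$2" "$3") || {
        echo "refusing to signal: $1 failed validation" >&2
        return 1
    }
    kill "$pid"
}

# Usage from a root stop script (path from the advisory, name assumed):
#   stop_daemon /pathname/tenshi.pid 0 tenshi
```

The process-name comparison narrows the window for PID reuse but does not close it; the ownership checks are what keep a non-root account from choosing the target.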
