Please do not reply directly to this email. All additional comments should be made in the comments box of this bug report.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=240396
Summary: CVE-2007-2654: xfsdump file permissions issue
Product: Fedora Extras
Version: fc6
Platform: All
OS/Version: Linux
Status: NEW
Severity: medium
Priority: medium
Component: xfsdump
AssignedTo: cattelan@redhat.com
ReportedBy: ville.skytta@iki.fi
QAContact: extras-qa@fedoraproject.org
CC: fedora-security-list@redhat.com
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-2654
"xfs_fsr in xfsdump creates a temporary directory with insecure permissions, which allows local users to read or overwrite arbitrary files on xfs filesystems."
Patch from SUSE update attached.
------- Additional Comments From ville.skytta@iki.fi 2007-05-17 03:49 EST -------
Created an attachment (id=154896)
 --> (https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=154896&action=vie...)
Patch from SUSE update
bugzilla@redhat.com changed:
What       |Removed                |Added
----------------------------------------------------------------------------
Product    |Fedora Extras          |Fedora
esandeen@redhat.com changed:
What       |Removed                |Added
----------------------------------------------------------------------------
AssignedTo |cattelan@redhat.com    |cattelan@thebarn.com
cattelan@thebarn.com changed:
What       |Removed                |Added
----------------------------------------------------------------------------
Status     |NEW                    |ASSIGNED
------- Additional Comments From cattelan@thebarn.com 2007-06-20 13:12 EST -------
Sorry didn't see this. I'll get this pulled in soon.
esandeen@redhat.com changed:
What       |Removed                |Added
----------------------------------------------------------------------------
AssignedTo |cattelan@thebarn.com   |esandeen@redhat.com
------- Additional Comments From esandeen@redhat.com 2007-08-22 15:09 EST -------
This is fixed in most recent xfsprogs 2.2.45, as of a couple months ago:
http://oss.sgi.com/cgi-bin/cvsweb.cgi/xfs-cmds/xfsdump/fsr/xfs_fsr.c.diff?r1...
I've got most recent xfsprogs in F8test and F7 updates-testing; I'll try to get it pushed to F6 as well.
esandeen@redhat.com changed:
What             |Removed          |Added
----------------------------------------------------------------------------
Status           |ASSIGNED         |CLOSED
Fixed In Version |                 |xfsdump-2.2.42-2.fc6
Resolution       |                 |CURRENTRELEASE
------- Additional Comments From esandeen@redhat.com 2007-09-11 08:59 EST -------
xfsdump-2.2.42-2.fc6 is now available in Fedora 6 Extras, and it resolves this issue.
Thanks,
-Eric
security@lists.fedoraproject.org