[SECURITY] Fedora EPEL 5 Update: incron-0.5.5-2.el5
updates at fedoraproject.org
updates at fedoraproject.org
Tue Nov 3 01:58:54 UTC 2009
--------------------------------------------------------------------------------
Fedora EPEL Update Notification
FEDORA-EPEL-2009-0598
2009-10-08 17:38:24
--------------------------------------------------------------------------------
Name : incron
Product : Fedora EPEL 5
Version : 0.5.5
Release : 2.el5
URL : http://inotify.aiken.cz
Summary : Inotify cron system
Description :
This program is an "inotify cron" system.
It consists of a daemon and a table manipulator.
You can use it a similar way as the regular cron.
The difference is that the inotify cron handles
filesystem events rather than time periods.
--------------------------------------------------------------------------------
Update Information:
This update addresses CVE-2009-3589 with a patch to initialize the supplementary
groups of processes that are run from user incrontabs. Without it, these
processes run with the supplementary groups from the incrond process. These
groups might include the group disk, e.g. when the incrond process was started
using "service incrond start". Then the users allowed to create a incrontab
table could access raw disk contents. There might also be other ways to exploit
this vulnerability.
--------------------------------------------------------------------------------
This update can be installed with the "yum" update programs. Use
su -c 'yum update incron' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora EPEL GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
More information about the epel-package-announce
mailing list