Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

Fedora 27: FEDORA-2018-25c6d1b417 Moderate: Hesiod Weak Check Exploit

fedora
Calendar Grey October 23, 2018
Dist Fedora Esm H88
Upgrade to Fedora 27 which fixes vulnerabilities in Hesiod concerning the use of a hardcoded DNS fallback mechanism and inadequate checks for SUID.
Fix CVE-2016-10152 (hardcoded DNS fallback) Fix CVE-2016-10151 (weak SUID check) Move package to autosetup Resolves: #1332509 Resolves: #1332494

Summary

Hesiod is a system which uses existing DNS functionality to provide access

to databases of information that changes infrequently. It is often used to

distribute information kept in the /etc/passwd, /etc/group, and /etc/printcap

files, among others.

Fix CVE-2016-10152 (hardcoded DNS fallback) Fix CVE-2016-10151 (weak

SUID check) Move package to autosetup Resolves: #1332509

Resolves: #1332494

* Thu Oct 11 2018 Robbie Harwood - 3.2.1-14

- Fix CVE-2016-10152 (hardcoded DNS fallback)

- Fix CVE-2016-10151 (weak SUID check)

- Move package to autosetup

* Fri Jul 13 2018 Fedora Release Engineering - 3.2.1-13

- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

* Fri May 18 2018 Adam Williamson - 3.2.1-12

- Rebuild for new libidn

* Mon Apr 2 2018 Peter Robinson 3.2.1-11

- Cleanup and modernise spec

* Wed Feb 7 2018 Fedora Release Engineering - 3.2.1-10

- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild

[ 1 ] Bug #1332509 - hesiod: Weak SUID check allowing privilege elevation [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1332509

[ 2 ] Bug #1332494 - hesiod: Use of hard-coded unsafe configuration if configuration file cannot be opened [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1332494

su -c 'dnf upgrade --advisory FEDORA-2018-25c6d1b417' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/

Topics%20covered

Topics Covered

security advisory moderate security update fedora hesiod weak check DNS fallback

Change Log

References

Update Instructions

Product: Fedora 27
Version: 3.2.1
Release: 14.fc27
URL: None
Summary: Shared libraries for querying the Hesiod naming service

Topics%20covered

Topics Covered

security advisory moderate security update fedora hesiod weak check DNS fallback

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here