Stay Secure with the Latest Linux Advisories

security advisoryhigh severitygentoo

Gentoo: GLSA-202305-15 Critical: Nginx Denial of Service Vulnerability

A vulnerability has been discovered in uptimed which could result in root privilege escalation.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202305-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: uptimed: Root Privilege Escalation Date: May 03, 2023 Bugs: #630810 ID: 202305-14 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= A vulnerability has been discovered in uptimed which could result in root privilege escalation. Background ========= uptimed is a system uptime record daemon that keeps track of your highest uptimes. Affected packages ================ ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-misc/uptimed < 0.4.6-r1 > = 0.4.6-r1 Description ========== Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time. Impact ===== The uptimed user could achieve root privileges when the uptimed package is emerged. Workaround ========= There is no known workaround at this time. Resolution ========= All uptimed users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =app-misc/uptimed-0.4.6-r1" References ========= [ 1 ] CVE-2020-36657 https://nvd.nist.gov/vuln/detail/CVE-2020-36657 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202305-14 Concerns? ======== Security is a primary focus of Gentoo Linuxand ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to This email address is being protected from spambots. You need JavaScript enabled to view it. or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2023 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5/ . An alarming security vulnerability in uptimed on Gentoo necessitates immediate updates to ensure user safety.. Gentoo Security Advisory,Uptimed Privilege Escalation,High Severity Exploit. . LinuxSecurity.com Team

May 03, 2023 Gentoo