Bug 1152533 - AUDIT-TRACKER: pcp: Review %post etc in spec file
Status: RESOLVED FIXED
Duplicates: 1152781
Classification: Novell Products
Product: SUSE Security Incidents
Component: Audits
Assigned To: Security Team bot
Depends on: CVE-2019-3695 1152781 CVE-2019-3696
Reported: 2019-09-30 14:36 UTC by Johannes Segitz
Modified: 2021-06-23 10:49 UTC (History)
Description Johannes Segitz 2019-09-30 14:36:40 UTC
From: Ludwig Nussel 
For example it calls chown -R on subdirectories of a directory that
is owned by the pcp user. So symlinks to e.g. / would chown all of /:

  chown -R pcp:pcp %{_logsdir}/pmcd 2>/dev/null
  [...]
  %dir %attr(0775,pcp,pcp) %{_logsdir}
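
A pre-flight check that an auditor or scriptlet could run before a privileged recursive operation on a directory an unprivileged account can write to, as in the `%{_logsdir}/pmcd` case above. This is an added example, not part of the bug report or the pcp package; `audit_tree` and the temporary demo paths are hypothetical. A clean result does not close the window between the check and the chown, so this is an audit aid, not a fix.

```shell
#!/bin/sh
# Added example, not from the pcp spec file. audit_tree is a hypothetical helper.
# It reports entries that make a root-run recursive chown/chmod on an
# unprivileged-writable directory dangerous, and returns 1 if any exist.
audit_tree() {
    _dir=$1
    # The directory itself may have been swapped for a symlink.
    if [ -L "$_dir" ]; then
        printf 'SYMLINK-ARG %s\n' "$_dir"
        return 1
    fi
    # Nothing to walk if the path is not a directory.
    [ -d "$_dir" ] || return 0
    # Symlinks below the directory (-xdev: stay on one filesystem).
    _sym=$(find "$_dir" -xdev -type l -print)
    # Regular files with extra hard links may alias files elsewhere.
    _hard=$(find "$_dir" -xdev -type f -links +1 -print)
    [ -z "$_sym" ] || printf '%s\n' "$_sym" | sed 's/^/SYMLINK /'
    [ -z "$_hard" ] || printf '%s\n' "$_hard" | sed 's/^/HARDLINK /'
    # Exit status: 0 only when both lists are empty.
    [ -z "$_sym$_hard" ]
}

# Constructed demo: a throwaway tree standing in for the pmcd log directory.
demo=$(mktemp -d)
mkdir "$demo/pmcd" "$demo/outside"
: > "$demo/pmcd/pmcd.log"
# What the unprivileged service account could plant (harmless target here).
ln -s "$demo/outside" "$demo/pmcd/planted"
if ! audit_tree "$demo/pmcd"; then
    echo "refusing recursive chown on $demo/pmcd"
fi
rm -rf "$demo"
```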
Comment 1 Johannes Segitz 2020-02-18 15:46:55 UTC
Issues found in analysis linked to this bug, making public
Comment 2 David Disseldorp 2021-02-10 12:09:34 UTC
*** Bug 1152781 has been marked as a duplicate of this bug. ***
Comment 7 OBSbugzilla Bot 2021-02-17 23:20:06 UTC
This is an autogenerated message for OBS integration:
This bug (1152533) was mentioned in
https://build.opensuse.org/request/show/873236 Factory / pcp
Comment 9 OBSbugzilla Bot 2021-02-18 12:10:06 UTC
This is an autogenerated message for OBS integration:
This bug (1152533) was mentioned in
https://build.opensuse.org/request/show/873360 Factory / pcp
Comment 11 Swamp Workflow Management 2021-02-23 17:18:10 UTC
SUSE-SU-2021:0565-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 1152533
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Development Tools 15-SP2 (src):    pcp-4.3.1-3.11.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2021-02-26 20:22:45 UTC
openSUSE-SU-2021:0348-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 1152533
CVE References: 
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    pcp-4.3.1-lp152.5.3.1
Comment 13 Matthias Gerstner 2021-06-23 10:49:17 UTC
Looks like all aspects (sub bugs) for this have been addressed. Closing as
FIXED.