mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-08 02:09:48 +03:00
09c531ca09
Fixes the following security issues:
CVE-2020-14367: Insecure writing of pidfile
-------------------------------------------
When chronyd is configured to save the pidfile in a directory where the
chrony user has write permissions (e.g. /var/run/chrony - the default
since chrony-3.4), an attacker that compromised the chrony user account
could create a symbolic link at the location of the pidfile to make
chronyd starting with root privileges follow the symlink and write its
process ID to a file for which the chrony user doesn't have write
permissions, causing a denial of service, or data loss.
This issue was reported by Matthias Gerstner of SUSE.
For further details, see the oss-security posting:
https://www.openwall.com/lists/oss-security/2020/08/21/1
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Yann E. MORIN <yann.morin.1998@free.fr>
(cherry picked from commit 15484553f3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
5 lines
296 B
Plaintext
5 lines
296 B
Plaintext
# From https://listengine.tuxfamily.org/chrony.tuxfamily.org/chrony-announce/2020/08/msg00000.html
|
|
sha256 1ba82f70db85d414cd7420c39858e3ceca4b9eb8b028cbe869512c3a14a2dca7 chrony-3.5.1.tar.gz
|
|
# Locally calculated
|
|
sha256 ab15fd526bd8dd18a9e77ebc139656bf4d33e97fc7238cd11bf60e2b9b8666c6 COPYING
|