[ubuntu/bionic-security] cron 3.0pl1-128.1ubuntu1.1 (Accepted)
David Fernandez Gonzalez
david.fernandezgonzalez at canonical.com
Thu May 5 12:25:37 UTC 2022
cron (3.0pl1-128.1ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: privilege escalation in postinst script
- Add sanity checks over the entries in spool directory and
set up owner and group accordingly in debian/postinst
- CVE-2017-9525
* SECURITY UPDATE: denial of service via large file
- Add sanity check in case of running out of memory when
parsing the file in entry.c
- CVE-2019-9704
* SECURITY UPDATE: denial of service via large file
- Add sanity check to ensure that no more than 1000 lines of
length are allowed in crontabs in cron.h, crontab.c and
user.c.
- CVE-2019-9705
* SECURITY UPDATE: denial of service by use-after-free
- Add return values when there is no memory available
in database.c
- CVE-2019-9706
Date: 2022-05-02 08:37:12.551378+00:00
Changed-By: David Fernandez Gonzalez <david.fernandezgonzalez at canonical.com>
https://launchpad.net/ubuntu/+source/cron/3.0pl1-128.1ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the Bionic-changes
mailing list