[ubuntu/focal-updates] networkd-dispatcher 2.1-2~ubuntu20.04.2 (Accepted)

Ubuntu Archive Robot ubuntu-archive-robot at lists.canonical.com
Thu Apr 28 16:58:17 UTC 2022

networkd-dispatcher (2.1-2~ubuntu20.04.2) focal-security; urgency=medium

  * SECURITY UPDATE: Directory traversal
    - debian/patches/CVE-2022-29799-pre.patch: Add a word that is missing
      in exception messages in networkd-dispatcher and
    - debian/patches/CVE-2022-29799.patch: Add allowed admin and
      operational states in networkd-dispatcher and throw exceptions in
      handle_state function if the current state is not one of those and
      add a test case test_handle_state in
    - CVE-2022-29799
  * SECURITY UPDATE: Time-of-check-time-of-use race condition
    - debian/patches/CVE-2022-29800-1.patch: Add check_perms function that
      will be invoked in scripts_in_path function before appending a file
      path to the script_list in networkd-dispatcher and change
      test_scripts_in_path test case in tests/test_networkd-dispatcher.py
      with follow_symlinks set to false.
    - debian/patches/CVE-2022-29800-2.patch: Passes os.path.dirname(path)
      when checking for permissions in scripts_in_path function in
    - CVE-2022-29800

Date: 2022-04-28 11:19:10.623979+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
-------------- next part --------------
Sorry, changesfile not available.

More information about the Focal-changes mailing list