[ubuntu/impish-security] networkd-dispatcher 2.1-2ubuntu0.21.10.1 (Accepted)
Rodrigo Figueiredo Zaiden
rodrigo.zaiden at canonical.com
Thu Apr 28 16:14:13 UTC 2022
networkd-dispatcher (2.1-2ubuntu0.21.10.1) impish-security; urgency=medium
* SECURITY UPDATE: Directory traversal
- debian/patches/CVE-2022-29799-pre.patch: Add a word that is missing
in exception messages in networkd-dispatcher and
tests/test_networkd-dispatcher.py.
- debian/patches/CVE-2022-29799.patch: Add allowed admin and
operational states in networkd-dispatcher and throw exceptions in
handle_state function if the current state is not one of those and
add a test case test_handle_state in
tests/test_networkd-dispatcher.py.
- CVE-2022-29799
* SECURITY UPDATE: Time-of-check-time-of-use race condition
- debian/patches/CVE-2022-29800-1.patch: Add check_perms function that
will be invoked in scripts_in_path function before appending a file
path to the script_list in networkd-dispatcher and change
test_scripts_in_path test case in tests/test_networkd-dispatcher.py
with follow_symlinks set to false.
- debian/patches/CVE-2022-29800-2.patch: Passes os.path.dirname(path)
when checking for permissions in scripts_in_path function in
networkd-dispatcher.
- CVE-2022-29800
Date: 2022-04-28 11:20:11.778588+00:00
Changed-By: Rodrigo Figueiredo Zaiden <rodrigo.zaiden at canonical.com>
https://launchpad.net/ubuntu/+source/networkd-dispatcher/2.1-2ubuntu0.21.10.1
-------------- next part --------------
Sorry, changesfile not available.
More information about the impish-changes
mailing list