[Bug 1203018] VUL-0: CVE-2022-31252: permissions: chkstat does not check for group-writable parent directories or target files in safeOpen()
https://bugzilla.suse.com/show_bug.cgi?id=1203018
https://bugzilla.suse.com/show_bug.cgi?id=1203018#c2

Matthias Gerstner <matthias.gerstner@suse.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
              Group|SUSE Security Internal,     |
                   |novellonly                  |
            Summary|VUL-0: EMBARGOED:           |VUL-0: CVE-2022-31252:
                   |CVE-2022-31252:             |permissions: chkstat does
                   |permissions: chkstat does   |not check for
                   |not check for               |group-writable parent
                   |group-writable parent       |directories or target files
                   |directories or target files |in safeOpen()
                   |in safeOpen()               |

--- Comment #2 from Matthias Gerstner <matthias.gerstner@suse.com> ---
We're fixing this in the open, therefore publishing this bug.

I just opened a PR# [1] with a first shot at fixing this in the current C++
code. This also adds test coverage.

[1]: https://github.com/openSUSE/permissions/pull/152