sys-apps

Security Bug Reports

• sys-apps/systemd: TOCTOU race condition when updating file permissions and SELinux security contexts

  600624 - Assigned to Gentoo Security
• <sys-apps/openrc-0.43: checkpath root privilege escalation following non-terminal symlinks (CVE-2018-21269)

  751424 - Assigned to Gentoo Security
• <sys-apps/openrc-{0.43.5-r1,0.44.6-r1}: Buffer overflow in checkpath (CVE-2021-42341)

  818085 - Assigned to Gentoo Security
• <sys-apps/usbredir-0.12.0: use-after-free

  834010 - Assigned to Gentoo Security
• sys-apps/busybox: multiple vulnerabilities

  836920 - Assigned to Gentoo Security
• sys-apps/portage uses /var/tmp insecurely

  853283 - Assigned to Gentoo Security
• sys-apps/man2html: multiple vulnerabilities

  869413 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r3: passwd file manipulation via chfn

  904518 - Assigned to Gentoo Security
• <sys-apps/portage-3.0.47: dispatch-conf race condition with chmod on log file access

  904895 - Assigned to Gentoo Security
• <sys-apps/shadow-4.13-r4: possible password leak during passwd(1) change

  908613 - Assigned to Gentoo Security
• <sys-apps/hwloc-2.9.3: Denial of service

  914155 - Assigned to Gentoo Security
• sys-apps/busybox: multiple vulnerabilities

  918699 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.4-r1: split heap buffer overflow vulnerability

  922474 - Assigned to Gentoo Security
• <sys-apps/util-linux-2.39.3-r6[tty-helpers]: wall escape sequence issues

  927980 - Assigned to Gentoo Security
• <sys-apps/coreutils-9.5: chmod -R TOCTOU vulnerability

  928062 - Assigned to Gentoo Security
• <sys-apps/less-643-r2: LESSOPEN handling is unsafe on untrusted names, arbitrary code execution

  929210 - Assigned to Gentoo Security
• sys-apps/tuned: multiple vulnerabilities

  945241 - Assigned to Gentoo Security