-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2446
                        libcgroup - security update
                              21 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libcgroup
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14348  

Original Bulletin: 
   https://security-tracker.debian.org/tracker/DLA-1472-1

Comment: This advisory references vulnerabilities in products which run on 
         platforms other than Debian. It is recommended that administrators 
         running libcgroup check for an updated version of the software for 
         their operating system.

- --------------------------BEGIN INCLUDED TEXT--------------------

- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Package        : libcgroup
Version        : 0.41-6+deb8u1
CVE ID         : CVE-2018-14348
Debian Bug     : 906308

The cgrulesengd daemon in libcgroup creates log files with world
readable and writable permissions due to a reset of the file mode
creation mask (umask(0)).

For Debian 8 "Jessie", this problem has been fixed in version
0.41-6+deb8u1.

We recommend that you upgrade your libcgroup packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
- -----BEGIN PGP SIGNATURE-----

iQKTBAEBCgB9FiEErPPQiO8y7e9qGoNf2a0UuVE7UeQFAlt7LCJfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldEFD
RjNEMDg4RUYzMkVERUY2QTFBODM1RkQ5QUQxNEI5NTEzQjUxRTQACgkQ2a0UuVE7
UeTl0Q//SlqU7aUuzkJP41oUH4ChmWDQDt9+80a4M1QbsLHY1XBJTCVVtTG2OF2+
4r8L+zTfwXUnzJbqLFZiw2iq+kyKLoalCOnhMuiD9kVPF+3YpuQgJhTuBKyAZmsd
yv66XzZ89Uss54AJFfXqxpxZKJIZWlBuTFBJu6rMW0+vYr44skHJqasgCqLAezIg
9peS4B1+1ti73XksjiYSYmXYPyNHU3Wjvh8ac+AMmPwH/o4aYg92w1j1ZUTb3F57
fZLhRJyCzJwxifmAI4T1OOI8MxUeg2inn+KxrmOkgOzauF0NTh9OAmB2xFk/2Mq5
cbeBArTY2vq68G28bDc3miCmxtnslEZcbTAzGjcvbvrMU6QrpyfJi1GSI3CycUuO
QMi0N2//4uB0Aq2x0ilo+7hYpNsQ4Mx3vDsS/M3VhGZuBJ9WW6JWT80zq7BPZotz
wLHv4w9GtMe53Zhg+Y6cgnQTHQ9eLxL1SIOtQ1ozKe1BIpcGyLsYtJWRCR21bIga
GxWX7FIrPzXWnORPRUDnCyL34u/ZahDdMWFQlZxFQRHlPeOOvbjIbCZM1+RSur7C
EK72KywmIgdedsmTQgED6uG+9yl1Xv72FGNiSGkwniEmdgW2DznT6Nr50oeKgLti
QNMU++SQHfXZ+oG0xw2itmrQxw54b/hQa0FSRh3BY9kRi20/M1I=
=PulW
- -----END PGP SIGNATURE-----

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBW3tiS2aOgq3Tt24GAQhd8A/+OMXGXKtImamI1MzHawQIkeeRBIg93/LJ
rzYG2nQO3VIcLP1sxgAnYTy0kYxJWnya6WYDRYqNJ2bnR8koh0bo+0A2YDf7H08W
7M92Hv6E9azZDJtEsv6htbIi8FV6IuP+ytv6f1lR8reFmIrhzLSBRY1jN1tcJH4M
ID/u/e4cBPEV4jdbQoNY9j1iHbHss9G97jCYoGf1atCYmQCVFytkedhdRNtvbeJv
TI6uicpZjoZi+UfLQIaLhq5NS1x4zpU14+av0+PRC/Q8LPf5eJ/0mDXseaA1khL/
LEqUek/HKPHXjFzbOwlC4Q9kd9wnCd/jHoGVc1PzHJWlEvjgtzQgqfb1r+VEh73F
lGZe2RCqM2yn1tzpKhZctkk/7i1EphtM54SlXZ8vfrtsvqjOkHCJwQ5bRC3/isSy
fVvxeSuFiWZVuW4f90J1jahpnoL87pQ8ttYS2D1IVAORmyQP1uu9yOTD6LdFp8d5
n+SRrpztroEnI2om6lB5szQ4RUjzHGLJz2llHqlZNm/o08SrvpFY4tWdBSvHr3I6
7RGx/dNIU0EmyIgOapdeSpnsPtgpqSgXKavj1GWqdIu5RFbEs2+BrO3b1dAtAnzF
7ilKyTJ2l6pBPEmliT1xoVtot7uuRku1N1a2vDl889ismgyrafBAV2NXPeEuZR0S
dWWhT/MWiAE=
=cqz5
-----END PGP SIGNATURE-----