===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2018.2446
                        libcgroup - security update
                              21 August 2018

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           libcgroup
Publisher:         Debian
Operating System:  Debian GNU/Linux 8
                   Linux variants
Impact/Access:     Access Confidential Data -- Existing Account
Resolution:        Patch/Upgrade
CVE Names:         CVE-2018-14348

Original Bulletin:
   https://security-tracker.debian.org/tracker/DLA-1472-1

Comment: This advisory references vulnerabilities in products which run on
         platforms other than Debian. It is recommended that administrators
         running libcgroup check for an updated version of the software for
         their operating system.

--------------------------BEGIN INCLUDED TEXT--------------------

Package        : libcgroup
Version        : 0.41-6+deb8u1
CVE ID         : CVE-2018-14348
Debian Bug     : 906308

The cgrulesengd daemon in libcgroup creates log files with world readable
and writable permissions due to a reset of the file mode creation mask
(umask(0)).

For Debian 8 "Jessie", this problem has been fixed in version
0.41-6+deb8u1.

We recommend that you upgrade your libcgroup packages.

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS

--------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your
organisation's site policies and procedures. AusCERT takes no
responsibility for consequences which may arise from following or acting
on information or advice contained in this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
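
Added example (not part of the bulletin and not libcgroup's code): a sketch
of the failure mode the included advisory describes, a daemon that resets the
mask with umask(0) and then creates its log file, shown beside a form that
sets the mode explicitly. The function names, the use of fopen(), the 0640
mode and the scratch paths are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Return the permission bits of path, or -1 on error. */
static int perm_bits(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
}

/* Weak pattern (hypothetical names): umask(0), then fopen() the log.
 * fopen() requests 0666 and the cleared mask removes nothing from it. */
int log_mode_after_umask_zero(const char *path) {
    mode_t saved = umask(0);
    FILE *fp = fopen(path, "a");
    umask(saved);
    if (!fp) return -1;
    fclose(fp);
    return perm_bits(path);
}

/* Hardened pattern: give open() an explicit mode and pin it with fchmod(),
 * so the result does not depend on whatever the umask happens to be. */
int log_mode_explicit(const char *path) {
    mode_t saved = umask(0);            /* same starting condition as above */
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW, 0640);
    umask(saved);
    if (fd < 0) return -1;
    int rc = fchmod(fd, 0640);
    close(fd);
    return rc == 0 ? perm_bits(path) : -1;
}

int main(void) {
    char dir[] = "/tmp/umask-demo-XXXXXX";   /* constructed scratch directory */
    char a[64], b[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(a, sizeof a, "%s/weak.log", dir);
    snprintf(b, sizeof b, "%s/hardened.log", dir);
    printf("umask(0) + fopen : %04o\n", log_mode_after_umask_zero(a));
    printf("open(..., 0640)  : %04o\n", log_mode_explicit(b));
    unlink(a); unlink(b); rmdir(dir);
    return 0;
}
```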