Ubuntu
beast package

security issue with beast wrappers

Bug #93531 reported by Stefan Westerfeld
258
Affects Status Importance Assigned to Milestone
beast (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: beast

A security problem has been found in beasts suid wrappers. The recommended way to deal with this is to upgrade the package to at least 0.7.1. Here is an excerpt from the 0.7.1 release notes:

Overview of Changes in BEAST/BSE 0.7.1:

* Fixed SUID security vulnerability by validating success of seteuid/setreuid,
  related security advisories, describing the vulnerability:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2916 # artswrapper
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4447 # X.Org

CVE References

Revision history for this message
Albert Damen (albrt) wrote :

This was fixed in Gutsy:

beast (0.6.6-9) unstable; urgency=high

  * debian/patches/011_suidmain_CVE-2006-2916_CVE-2006-4447.diff:
    + Spelling fix in error message.

And partly in Feisty:

beast (0.6.6-8) unstable; urgency=high

<snip>

  * debian/patches/011_suidmain_CVE-2006-2916_CVE-2006-4447.diff:
    + Security fix for a vulnerability in the suid wrappers similar to the
      ones found in CVE-2006-2916 and CVE-2006-4447.

Changed in beast:
status: New → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.