cron 3.0pl1-128.1ubuntu1.1 source package in Ubuntu


cron (3.0pl1-128.1ubuntu1.1) bionic-security; urgency=medium

  * SECURITY UPDATE: privilege escalation in postinst script
    - Add sanity checks over the entries in spool directory and
      set up owner and group accordingly in debian/postinst
    - CVE-2017-9525
  * SECURITY UPDATE: denial of service via large file
    - Add sanity check in case of running out of memory when
      parsing the file in entry.c
    - CVE-2019-9704
  * SECURITY UPDATE: denial of service via large file
    - Add sanity check to ensure that no more than 1000 lines of
      length are allowed in crontabs in cron.h, crontab.c and
    - CVE-2019-9705
  * SECURITY UPDATE: denial of service by use-after-free
    - Add return values when there is no memory available
      in database.c
    - CVE-2019-9706

 -- David Fernandez Gonzalez <email address hidden>  Fri, 29 Apr 2022 11:16:53 +0200

Upload details

Uploaded by:
David Fernandez Gonzalez
Uploaded to:
Original maintainer:
Ubuntu Developers
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section


File Size SHA-256 Checksum
cron_3.0pl1.orig.tar.gz 57.9 KiB d931e0688005dfa85cfdb60e19bf0a3848ebfa3ee3415bf2a6ea3ea9e5bcfd21
cron_3.0pl1-128.1ubuntu1.1.diff.gz 99.7 KiB 89ab6c82b2d5adf60fedaa8b42669a105f3496951e3838e0f37e081a55bbec57
cron_3.0pl1-128.1ubuntu1.1.dsc 1.9 KiB e6c68852fdd28dcbef37d612f83a59dbac995bb54e0cafe893c6c2cefb6debb5

View changes file

Binary packages built by this source

cron: process scheduling daemon

 The cron daemon is a background process that runs particular programs at
 particular times (for example, every minute, day, week, or month), as
 specified in a crontab. By default, users may also create crontabs of
 their own so that processes are run on their behalf.
 Output from the commands is usually mailed to the system administrator
 (or to the user in question); you should probably install a mail system
 as well so that you can receive these messages.
 This cron package does not provide any system maintenance tasks. Basic
 periodic maintenance tasks are provided by other packages, such
 as checksecurity.

cron-dbgsym: debug symbols for cron