seatd-launch: CVE-2022-25643


Debian Bug report logs - #1006308


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Wed, 23 Feb 2022 07:30:01 UTC

Severity: grave

Tags: security, upstream

Found in version seatd/0.6.3-2

Fixed in version seatd/0.6.4-1

Done: Mark Hindley <leepen@debian.org>



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, Mark Hindley <leepen@debian.org>:
Bug#1006308; Package src:seatd. (Wed, 23 Feb 2022 07:30:03 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, Mark Hindley <leepen@debian.org>. (Wed, 23 Feb 2022 07:30:03 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: seatd-launch: CVE-2022-25643
Date: Wed, 23 Feb 2022 08:26:53 +0100
Source: seatd
Version: 0.6.3-2
Severity: grave
Tags: security upstream
Justification: user security hole
X-Debbugs-Cc: carnil@debian.org, Debian Security Team <team@security.debian.org>

Hi,

The following vulnerability was published for seatd.

CVE-2022-25643[0]:
| seatd-launch in seatd 0.6.x before 0.6.4 allows removing files with
| escalated privileges when installed setuid root. The attack vector is
| a user-supplied socket pathname.


If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2022-25643
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25643
[1] https://lists.sr.ht/~kennylevinsen/seatd-announce/%3CETEO7R.QG8B1KGD531R1%40kl.wtf%3E

Regards,
Salvatore
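The CVE text above describes the general hazard of a setuid-root helper that unlinks a path chosen by the unprivileged invoker. The following C program is an added illustration for this bug log; it is not seatd's code and does not claim to be the upstream 0.6.4 fix. It assumes a hypothetical helper that must clean up a user-supplied socket path at exit, and contrasts the unsafe pattern (unlink with full privileges) with a hardened one that accepts only a Unix-domain socket owned by the real uid and performs the unlink with the effective uid lowered to that user. The fixture directory, file and socket it creates under /tmp are constructed for the demonstration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Unsafe pattern: unlink whatever path the caller named, with the full
 * privileges of the process (root when the helper is installed setuid root). */
int remove_socket_unsafe(const char *path)
{
	return unlink(path);
}

/* Policy check: the path must be a Unix-domain socket owned by the invoking
 * (real) user. lstat() does not follow symlinks, so a link planted at the
 * path is reported as a symlink and rejected. */
int socket_path_is_removable(const char *path, uid_t invoking_uid)
{
	struct stat st;
	if (lstat(path, &st) != 0)
		return 0;
	if (!S_ISSOCK(st.st_mode))
		return 0;
	if (st.st_uid != invoking_uid)
		return 0;
	return 1;
}

/* Hardened pattern: check the path, then unlink with the effective uid
 * temporarily lowered to the real uid, so the kernel enforces the invoking
 * user's permissions even if the path changed between check and unlink. */
int remove_socket_hardened(const char *path)
{
	uid_t ruid = getuid();
	uid_t euid = geteuid();
	int rc, saved_errno;

	if (!socket_path_is_removable(path, ruid)) {
		errno = EPERM;
		return -1;
	}
	if (euid != ruid && seteuid(ruid) != 0)
		return -1;
	rc = unlink(path);
	saved_errno = errno;
	if (euid != ruid)
		(void)seteuid(euid); /* restore; the caller may still need root */
	errno = saved_errno;
	return rc;
}

/* Constructed fixture: a bound Unix socket node at `path`. */
static int create_fixture_socket(const char *path)
{
	struct sockaddr_un addr;
	int fd;

	if (strlen(path) >= sizeof(addr.sun_path))
		return -1;
	fd = socket(AF_UNIX, SOCK_STREAM, 0);
	if (fd < 0)
		return -1;
	memset(&addr, 0, sizeof(addr));
	addr.sun_family = AF_UNIX;
	strcpy(addr.sun_path, path);
	if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
		close(fd);
		return -1;
	}
	close(fd); /* the socket node stays on disk until unlinked */
	return 0;
}

/* Runs the scenario in a fresh temporary directory. Returns 0 when the
 * hardened routine refuses the regular file and removes only the socket,
 * while the unsafe routine removes the regular file; otherwise the number
 * of the failing step. */
int demo(void)
{
	char dir[] = "/tmp/sockdemo-XXXXXX"; /* constructed fixture location */
	char file[64], sock[64];
	int fd;

	if (mkdtemp(dir) == NULL)
		return 1;
	snprintf(file, sizeof(file), "%s/victim.txt", dir);
	snprintf(sock, sizeof(sock), "%s/seat.sock", dir);
	fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
	if (fd < 0)
		return 2;
	close(fd);
	if (create_fixture_socket(sock) != 0)
		return 3;
	/* hardened: a regular file is not the user's socket, so it is refused */
	if (remove_socket_hardened(file) != -1 || access(file, F_OK) != 0)
		return 4;
	/* hardened: the genuine socket is removed */
	if (remove_socket_hardened(sock) != 0 || access(sock, F_OK) == 0)
		return 5;
	/* unsafe: removes the regular file without any question */
	if (remove_socket_unsafe(file) != 0 || access(file, F_OK) == 0)
		return 6;
	rmdir(dir);
	return 0;
}

int main(void)
{
	int rc = demo();
	printf("%s\n", rc == 0 ? "hardened check behaved as expected" : "unexpected result");
	return rc;
}
```

Run as an ordinary user the effective and real uid coincide, so the seteuid() branch is skipped and only the ownership and file-type check applies; installed setuid root, the same check plus the temporary privilege drop is what stops the helper from acting as a root-privileged rm on an arbitrary path.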



Reply sent to Mark Hindley <leepen@debian.org>:
You have taken responsibility. (Wed, 23 Feb 2022 09:09:05 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Wed, 23 Feb 2022 09:09:05 GMT)


Message #10 received at 1006308-close@bugs.debian.org:

From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
To: 1006308-close@bugs.debian.org
Subject: Bug#1006308: fixed in seatd 0.6.4-1
Date: Wed, 23 Feb 2022 09:06:32 +0000
Source: seatd
Source-Version: 0.6.4-1
Done: Mark Hindley <leepen@debian.org>

We believe that the bug you reported is fixed in the latest version of
seatd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 1006308@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Mark Hindley <leepen@debian.org> (supplier of updated seatd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Wed, 23 Feb 2022 08:09:56 +0000
Source: seatd
Architecture: source
Version: 0.6.4-1
Distribution: unstable
Urgency: high
Maintainer: Mark Hindley <leepen@debian.org>
Changed-By: Mark Hindley <leepen@debian.org>
Closes: 1006308
Changes:
 seatd (0.6.4-1) unstable; urgency=high
 .
   * New upstream version 0.6.4.
     - includes fix for CVE-2022-2564: file removal with escalated privileges
       via seatd-launch socket pathname (Closes: #1006308).
   * Patch to workaround spurious x32 compilation error by casting.
   * Improve autopkgtest output formatting.
Checksums-Sha1:
 60c66887a790b34f215cdb226f3df5ce52e65637 1982 seatd_0.6.4-1.dsc
 9d45ab784e95043aaa671ad6cebda0d1d6654a64 38393 seatd_0.6.4.orig.tar.gz
 9d76e0428c3994b967b8a628bdd2ce1219627245 7064 seatd_0.6.4-1.debian.tar.xz
 fb0933bc04de22d274e907d2ac3f4d773b3692fc 7930 seatd_0.6.4-1_amd64.buildinfo
Checksums-Sha256:
 8fac01371e23549c21acf08a1801761ec40209ad8d37c30cca3a7ef59df3eb81 1982 seatd_0.6.4-1.dsc
 3d4ac288114219ba7721239cafee7bfbeb7cf8e1e7fd653602a369e4ad050bd8 38393 seatd_0.6.4.orig.tar.gz
 90da3e315bde34f3472eda40cfbc1ca167bb13a7acfe0954b8e4e4d8854f5561 7064 seatd_0.6.4-1.debian.tar.xz
 6fcae440ccce6dd6a31f47f47be81b06709cbcaea37c1df6a14c62cd7d371992 7930 seatd_0.6.4-1_amd64.buildinfo
Files:
 ed0e8a6e538319bd57dae4cc4e93c676 1982 admin optional seatd_0.6.4-1.dsc
 114604a0b346a40157839d5c8c8b2ce2 38393 admin optional seatd_0.6.4.orig.tar.gz
 5e371a26f9326764e20fe2d3820b3293 7064 admin optional seatd_0.6.4-1.debian.tar.xz
 9e87a219caeaa2df44bffa71c673ad7e 7930 admin optional seatd_0.6.4-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEUGwVpCsK9aCoVCPu0opFvzKH1kkFAmIV9BEACgkQ0opFvzKH
1km5mhAAoVBjXRjSdwq3ihOzh5NeGSk8k8PKsNo2nwixyRSHgxzxdROT1rJUId45
efxpfgEJH6vb6lMpFIQ6SUYIFI5AAf1WvqM41ONjSly6uaArOvioORVYTtccnD3p
D+XRlLlGeXhO/hNheFEY6jwj6DoPSVUswio6CRRRMLSBdBJm2R7I/kDfbFo50Hfp
6MZRriCfQELJJJCCqv9RS4Wtx72MKE6rYK+VNh5T0m4q1z9UPirGEbVE+L29Xzc0
5ZnwChiI7c4OXe8fCC4XCw+P0uLdcOBQ2HpJe7FauYxN8AIgWHUjCMWDxOm9Cijm
mvNhPyENGf1x0VX7q56Zq6JWpB4dpMqWVAoSj1SIT00bEymtDI4hF9gRI807+S7W
u4EyaBvgyc2NgNSYY9RaR37kwkPtZOt4lhDQ9GkwkEI3KayU7JIrFO6RhexEfrvQ
AA2dckUCabELDpG1HY0abpiwsjVqQKKp3nSxe0cbpwE5NVRalKBuynU+cQXjXJyI
UD5kANxhekZoNGBCew63dZGMFHuchPheydo3rgsv3ZCYtbWoNI/3ak4lGvIdFZUa
LyO872rb2S+23y3zFPiunJIWcKjJXzr7+bTXpFqcnHm/0uSxibAVOIeZdnRpHM17
3CGerxccve0chYp+2UUTgG11wgrzoywQA/RWDaR06elTKvoAOKw=
=ejo4
-----END PGP SIGNATURE-----




Information forwarded to debian-bugs-dist@lists.debian.org, Mark Hindley <leepen@debian.org>:
Bug#1006308; Package src:seatd. (Wed, 23 Feb 2022 09:18:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
Extra info received and forwarded to list. Copy sent to Mark Hindley <leepen@debian.org>. (Wed, 23 Feb 2022 09:18:05 GMT)


Message #15 received at 1006308@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: 1006308@bugs.debian.org, Mark Hindley <leepen@debian.org>
Subject: Re: Bug#1006308 closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Mark Hindley <leepen@debian.org>) (Bug#1006308: fixed in seatd 0.6.4-1)
Date: Wed, 23 Feb 2022 10:14:59 +0100
Hi Mark,

On Wed, Feb 23, 2022 at 09:09:05AM +0000, Debian Bug Tracking System wrote:
> Format: 1.8
> Date: Wed, 23 Feb 2022 08:09:56 +0000
> Source: seatd
> Architecture: source
> Version: 0.6.4-1
> Distribution: unstable
> Urgency: high
> Maintainer: Mark Hindley <leepen@debian.org>
> Changed-By: Mark Hindley <leepen@debian.org>
> Closes: 1006308
> Changes:
>  seatd (0.6.4-1) unstable; urgency=high
>  .
>    * New upstream version 0.6.4.
>      - includes fix for CVE-2022-2564: file removal with escalated privileges
>        via seatd-launch socket pathname (Closes: #1006308).

Thanks for the quick fix!

Note there is a typo in the CVE, should have been CVE-2022-25643.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#1006308; Package src:seatd. (Wed, 23 Feb 2022 09:33:02 GMT)


Message #18 received at 1006308@bugs.debian.org:

From: Mark Hindley <leepen@debian.org>
To: Salvatore Bonaccorso <carnil@debian.org>, 1006308@bugs.debian.org
Subject: Re: Bug#1006308: closed by Debian FTP Masters <ftpmaster@ftp-master.debian.org> (reply to Mark Hindley <leepen@debian.org>) (Bug#1006308: fixed in seatd 0.6.4-1)
Date: Wed, 23 Feb 2022 09:22:11 +0000
Salvatore,

On Wed, Feb 23, 2022 at 10:14:59AM +0100, Salvatore Bonaccorso wrote:
> Thanks for the quick fix!
>
> Note there is a typo in the CVE, should have been CVE-2022-25643.

Evidently too quick!

Thanks for pointing it out.

Would you prefer a new upload to fix it now or wait for the next routine one?

Mark





Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Feb 23 13:06:30 2022; Machine Name: bembo
