jakarta-commons-daemon security update
jsvc did not properly drop capabilities, therefore allowing
applications to access files owned by the super user
(CVE-2011-2729).
- Submitted by Adrian Schröter (adrianSuSE)
- Version 5156
Fixed bugs
bnc#715656
VUL-0: jakarta-commons-daemon: allows remote attackers to bypass read permissions for
CVE#CVE-2011-2729
native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote
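
A defender-side check for the condition this update fixes, as an added example that is not part of the original advisory or the jsvc source: it classifies the text of a Linux `/proc/<pid>/status` file by whether a process running as a non-root user still holds capabilities. The sample status text, the function names and the result codes are constructed for illustration; which capabilities jsvc actually retained is not stated on this page.

```c
#include <inttypes.h>
#include <stdio.h>
#include <string.h>

/* Bits 1 and 2 in <linux/capability.h>: CAP_DAC_OVERRIDE, CAP_DAC_READ_SEARCH. */
#define DAC_BITS ((1ULL << 1) | (1ULL << 2))
enum { PARSE_ERROR = -1, CLEAN = 0, CAPS_RETAINED = 1, DAC_BYPASS = 2 };

/* Constructed sample: a non-root process that kept a non-empty capability set. */
static const char SAMPLE_LEAKY[] =
    "Name:\tjsvc\nUid:\t1001\t1001\t1001\t1001\n"
    "CapPrm:\t0000000000000406\nCapEff:\t0000000000000406\n";

/* Return a pointer just past `key` where it starts a line, or NULL. */
static const char *field(const char *s, const char *key)
{
    size_t n = strlen(key);
    for (; s && *s; s = strchr(s, '\n'), s = s ? s + 1 : NULL)
        if (strncmp(s, key, n) == 0)
            return s + n;
    return NULL;
}

/* Classify one status text by effective UID and permitted/effective sets. */
int audit_status(const char *status)
{
    const char *u = field(status, "Uid:"), *p = field(status, "CapPrm:");
    const char *e = field(status, "CapEff:");
    unsigned euid; uint64_t prm, eff;
    if (!u || !p || !e || sscanf(u, "%*u %u", &euid) != 1 || /* real, then effective */
        sscanf(p, "%" SCNx64, &prm) != 1 || sscanf(e, "%" SCNx64, &eff) != 1)
        return PARSE_ERROR;
    if (euid == 0) return CLEAN;               /* root holds capabilities by design */
    if ((prm | eff) & DAC_BITS) return DAC_BYPASS; /* file permission checks bypassed */
    return (prm | eff) ? CAPS_RETAINED : CLEAN;    /* permitted caps can be re-raised */
}

int main(void)
{
    /* Usage: ./capcheck < /proc/<pid>/status ; empty stdin falls back to the sample. */
    char buf[8192];
    size_t n = fread(buf, 1, sizeof buf - 1, stdin);
    buf[n] = '\0';
    printf("result=%d\n", audit_status(n ? buf : SAMPLE_LEAKY));
    return 0;
}
```

A result of 1 or 2 for a daemon that is supposed to run unprivileged means the capability sets were not cleared when it switched users.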