Overview
Request 765843 accepted
- fix CVE-2019-18899 (bsc#1157703): the systemd service configuration in
apt-cacher-ng.service did run apt-cacher-ng as root while /run/apt-cacher-ng
was created for the apt-cacher-ng user via systemd-tmpfiles. A compromised
apt-cacher-ng could have performed symlink attacks in /run/apt-cacher-ng to
cause writes to privileged file system locations by root. Furthermore the
socket path /run/apt-cacher-ng/socket could have been replaced by an
attacker owned socket, thereby allowing him to hijack privileged client
connections to apt-cacher-ng. Additional unexplored security issues could
have been possible.
To fix this use the upstream service file with correct privilege drop
configuration. During update the ownership of /var/log/apt-cacher-ng and
/var/cache/apt-cacher-ng as well as a possibly already running apt-cacher-ng
instance (files in /run/apt-cacher-ng) need to be fixed in %pre, %post.
- add CVE-2020-5202.patch: fixes bsc#1157706, CVE-2020-5202. A local user
account that managed to listen on localhost:3142 before the actual
apt-cacher-ng systemd service did could have intercepted client traffic sent
by e.g. root via the cron job /etc/cron.daily/apt-cacher-ng, possibly
including authentication credentials.
Request History
mgerstner created request
- fix CVE-2019-18899 (bsc#1157703): the systemd service configuration in
apt-cacher-ng.service did run apt-cacher-ng as root while /run/apt-cacher-ng
was created for the apt-cacher-ng user via systemd-tmpfiles. A compromised
apt-cacher-ng could have performed symlink attacks in /run/apt-cacher-ng to
cause writes to privileged file system locations by root. Furthermore the
socket path /run/apt-cacher-ng/socket could have been replaced by an
attacker owned socket, thereby allowing him to hijack privileged client
connections to apt-cacher-ng. Additional unexplored security issues could
have been possible.
To fix this use the upstream service file with correct privilege drop
configuration. During update the ownership of /var/log/apt-cacher-ng and
/var/cache/apt-cacher-ng as well as a possibly already running apt-cacher-ng
instance (files in /run/apt-cacher-ng) need to be fixed in %pre, %post.
- add CVE-2020-5202.patch: fixes bsc#1157706, CVE-2020-5202. A local user
account that managed to listen on localhost:3142 before the actual
apt-cacher-ng systemd service did could have intercepted client traffic sent
by e.g. root via the cron job /etc/cron.daily/apt-cacher-ng, possibly
including authentication credentials.
factory-auto accepted review
Check script succeeded
licensedigger accepted review
ok
maintbot accepted review
ok
maintbot approved review
ok
rfrohl moved maintenance target to openSUSE:Maintenance:11842
rfrohl accepted request
accepted request 765843:Thanks!
For information about the update, see https://build.opensuse.org/project/maintenance_incidents/openSUSE:Maintenance
home:mgerstner:branches:openSUSE:Leap:15.1:Update/apt-cacher-ng@448852e8c9eec856fbc1bdc1aff86bf7 -> openSUSE:Leap:15.1:Update/apt-cacher-ng
expected origin is 'openSUSE:Leap:15.0' (changed)