GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Tue Apr 23, 2019 2:26 am Post subject: [ GLSA 201904-22 ] OpenDKIM |
 |
|
Gentoo Linux Security Advisory
Title: OpenDKIM: Root privilege escalation (GLSA 201904-22)
Severity: normal
Exploitable: remote
Date: 2019-04-22
Bug(s): #629914
ID: 201904-22
Synopsis
A vulnerability was discovered in Gentoo's ebuild for OpenDKIM
which could lead to root privilege escalation.
Background
A community effort to develop and maintain a C library for producing
DKIM-aware applications and an open source milter for providing DKIM
service.
Affected Packages
Package: mail-filter/opendkim
Vulnerable: < 2.10.3-r8
Unaffected: >= 2.10.3-r8
Architectures: All supported architectures
Description
It was discovered that Gentoo’s OpenDKIM ebuild does not properly set
permissions or place the pid file in a safe directory.
Impact
A local attacker could escalate privileges.
Workaround
Users should ensure the proper permissions are set as discussed in the
referenced bugs.
Resolution
All OpenDKIM users should upgrade to the latest version: | Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=mail-filter/opendkim-2.10.3-r8"
|
|
|
News & Announcements
