Date: Thu, 30 Jan 2014 23:30:51 +0100
From: Martin Carpenter <>
Subject: CVE request: enlightenment sysactions


Red Hat Security suggested I request a CVE here since this potentially
affects multiple distros/maintainers. The Enlightenment window manager
( was found to ship with (a) a setuid root helper that
did not effectively sanitize its environment and (b) a weak default
configuration. Users in select groups could exploit this to execute
arbitrary programs as root.

This was fixed upstream in 3 commits each for both e17 and e18 branches,
with two new releases shipped shortly after:
  0.17.6, Dec  4th 2013: [1], [2], [3]
  0.18.0, Dec 21st 2013: [4], [5], [6]

Fedora has a bug filed against it at [7] referencing the e18 commits.



