GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Thu May 03, 2018 12:26 am Post subject: [ GLSA 201805-01 ] hesiod |
|
|
Gentoo Linux Security Advisory
Title: hesiod: Root privilege escalation (GLSA 201805-01)
Severity: normal
Exploitable: local, remote
Date: 2018-05-02
Bug(s): #606652
ID: 201805-01
Synopsis
A vulnerability was discovered in hesiod which may allow remote
attackers to gain root privileges.
Background
DNS functionality to access to DB of information that changes
infrequently.
Affected Packages
Package: net-dns/hesiod
Vulnerable: <= 3.1.0
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in hesiod that have
remained unaddressed. Please review the referenced CVE identifiers for
details.
Impact
A remote or local attacker may be able to escalate privileges to root.
Workaround
There is no known workaround at this time.
Resolution
Gentoo has discontinued support for hesiod and recommends that users
unmerge the package:
Code: | # emerge --unmerge "net-dns/hesiod"
|
References
CVE-2016-10151
CVE-2016-10152 |
|