pesign-0.109-11.el7

Errata ID: AXSA:2023-5211:03

Release date: Wednesday, March 8, 2023 - 04:10
Subject: pesign-0.109-11.el7
Affected Channels: Asianux Server 7 for x86_64
Severity: High
Description: 

The pesign packages provide the pesign utility for signing UEFI binaries as well
as other associated tools.

Security Fix(es):

* pesign: Local privilege escalation on pesign systemd service (CVE-2022-3560)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVE-2022-3560
A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.
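
The check the description says the ACL script lacked, written as an added shell example (not code from the pesign package or from this advisory): it lists symbolic links at or below the two directories named above so they can be reviewed before any ACL change is applied. The function names are hypothetical.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of pesign.

# Print every symbolic link at or below a directory, i.e. every entry
# that an ACL tool which follows links would resolve to some other path.
audit_symlinks() {
    dir=$1
    # The top-level path may itself be a link; -L tests it without following.
    if [ -L "$dir" ]; then
        printf '%s\n' "$dir"
        return 0
    fi
    # A missing directory has nothing to report.
    [ -d "$dir" ] || return 0
    # find does not follow links by default, so -type l matches the links
    # themselves rather than whatever they point at.
    find "$dir" -type l -print
}

# Return 0 when no symbolic link exists at or below the path, 1 otherwise.
tree_is_link_free() {
    [ -z "$(audit_symlinks "$1")" ]
}

# Audit the two directories named in the advisory text.
check_pesign_dirs() {
    rc=0
    for d in /etc/pki/pesign /run/pesign; do
        if ! tree_is_link_free "$d"; then
            echo "symbolic link(s) found under $d:" >&2
            audit_symlinks "$d" >&2
            rc=1
        fi
    done
    return $rc
}
```

Source the file and run `check_pesign_dirs` as root so that `find` can read every subdirectory; a non-zero return means at least one path needs inspecting.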

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. pesign-0.109-11.el7.src.rpm
    MD5: f85cacbfea441eac226f0f09e9701a79
    SHA-256: d61193017cfac9b6d6a00a6cec01561eff4bb605c3b55aca3c3b527264505902
    Size: 110.67 kB

Asianux Server 7 for x86_64
  1. pesign-0.109-11.el7.x86_64.rpm
    MD5: bbb2216fadf53a0a9c54b800d3ce60c7
    SHA-256: b36d930f2c655e99dd7f1078345b14a8ba0674fdd9008dfd13fcd5af0487528c
    Size: 88.17 kB