Описание
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| jython | fixed | 2.7.0+repack-1 | experimental | package |
| jython | fixed | 2.7.1+repack-1 | package | |
| jython | ignored | stretch | package | |
| jython | ignored | jessie | package | |
| jython | no-dsa | wheezy | package | |
| jython | no-dsa | squeeze | package |
Примечания
http://bugs.jython.org/issue2044
The original issue seem addressed in 2.7.0+repack-1, but still files
might be created/written to /usr/share/jython/cachedir/packages
which should not be in /usr beeing a cachedir.
Связанные уязвимости
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
