CVE-2019-3461

Priority
Description
Debian tmpreaper version 1.6.13+nmu1 has a race condition when doing a
(bind) mount via rename() which could result in local privilege escalation.
Mounting via rename() could potentially lead to a file being placed
elsewhere on the filesystem hierarchy (e.g. /etc/cron.d/) if the directory
being cleaned up was on the same physical filesystem. Fixed versions
include 1.6.13+nmu1+deb9u1 and 1.6.14.
Notes
ebarretto: Version on trusty needs the fix, but the fix depends on bind mounts
from util-linux package. And the util-linux in trusty doesn't
contain that feature. We could use another solution but I am not
sure how this might affect the race condition.
Package
Upstream: released (1.6.14)
Ubuntu 18.04 LTS: released (1.6.13+nmu1+deb9u1build0.18.04.1)
Ubuntu 20.04 LTS: not-affected (1.6.14)
Ubuntu 21.10: not-affected (1.6.14)
Ubuntu 22.04 LTS: not-affected (1.6.14)
Ubuntu 14.04 ESM: needed
Patches:
More Information

Updated: 2022-04-25 00:43:48 UTC (commit ecc1009cb19540b950de59270950018900f37f15)