Candidate: CVE-2018-14348
PublicDate: 2018-08-14 18:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14348
 https://sourceforge.net/p/libcg/libcg/ci/0d88b73d189ea3440ccaab00418d6469f76fa590/
Description:
 libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666
 regardless of the configured umask, leading to disclosure of information.
Ubuntu-Description:
 It was discovered that libcgroup incorrectly handled log file permissions. An
 attacker could possibly use thise issue to obtain sensitive information.
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N [8.1 HIGH]


Patches_libcgroup:
upstream_libcgroup: needs-triage
precise/esm_libcgroup: DNE
trusty_libcgroup: ignored (out of standard support)
trusty/esm_libcgroup: needed
xenial_libcgroup: ignored (end of standard support, was needed)
bionic_libcgroup: needed
cosmic_libcgroup: ignored (reached end-of-life)
disco_libcgroup: ignored (reached end-of-life)
eoan_libcgroup: not-affected (0.41-10)
focal_libcgroup: not-affected (0.41-10)
groovy_libcgroup: not-affected (0.41-10)
hirsute_libcgroup: not-affected (0.41-10)
impish_libcgroup: not-affected (0.41-10)
jammy_libcgroup: not-affected (0.41-10)
devel_libcgroup: not-affected (0.41-10)