Univention Bugzilla – Bug 54007
cron: Multiple issues (4.4)
Last modified: 2021-11-03 16:43:45 CET
New Debian cron 3.0pl1-128+deb9u2 fixes: This update addresses the following issues:
* In the cron package through 3.0pl1-128 on Debian, and through 3.0pl1-128ubuntu2 on Ubuntu, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. (CVE-2017-9525)
* calloc return value resulting in remote dos (CVE-2019-9704)
* dos (memory consumption) via a large crontab file (CVE-2019-9705)
* use-after-free resulting in dos (CVE-2019-9706)
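The CVE-2017-9525 item above describes the root cause: a privileged maintainer script running chown(1)/chmod(1) on a path under a directory that a less privileged group can write to, so a symlink placed there redirects the ownership change. The added example below (not cron's or Debian's code, and not the actual postinst fix) shows the general defensive pattern for that class of bug: open the path with O_NOFOLLOW, verify via fstat() that it is a regular file, and apply fchown()/fchmod() to the open descriptor rather than to the path. The function name safe_chown_chmod and the self-check demo() are assumptions for this illustration; demo() builds a constructed temporary file and symlink under /tmp.

```c
/* Added example, not cron's or Debian's code: symlink-safe ownership and
 * mode change, the defensive counterpart of "chown/chmod <path>" in a
 * privileged script. Names here are chosen for this illustration. */
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 0 on success, -1 (errno set) on failure.
 * Refuses symlinks and anything that is not a regular file. */
int safe_chown_chmod(const char *path, uid_t uid, gid_t gid, mode_t mode)
{
    /* O_NOFOLLOW: open() fails instead of following a symlink in the final component */
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;

    struct stat st;
    if (fstat(fd, &st) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {
        close(fd);
        errno = EINVAL;   /* not a regular file (directory, device, ...) */
        return -1;
    }

    /* Operate on the descriptor, so a concurrent rename/symlink swap of the
     * path cannot redirect the ownership or mode change elsewhere. */
    if (fchown(fd, uid, gid) < 0 || fchmod(fd, mode) < 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return -1;
    }
    close(fd);
    return 0;
}

/* Self-check on constructed data: a regular file and a symlink to it in a
 * fresh temp directory. Returns 1 if the file is accepted and the symlink
 * refused, 0 otherwise. Uses the caller's own uid/gid so no root is needed. */
int demo(void)
{
    char dir[] = "/tmp/safechownXXXXXX";
    if (!mkdtemp(dir))
        return 0;

    char file[256], lnk[256];
    snprintf(file, sizeof file, "%s/crontab", dir);
    snprintf(lnk, sizeof lnk, "%s/link", dir);

    int fd = open(file, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0)
        return 0;
    close(fd);
    if (symlink(file, lnk) < 0)
        return 0;

    int ok_regular  = safe_chown_chmod(file, getuid(), getgid(), 0600) == 0;
    int refused_link = safe_chown_chmod(lnk, getuid(), getgid(), 0600) < 0;

    unlink(lnk);
    unlink(file);
    rmdir(dir);
    return ok_regular && refused_link;
}

int main(void)
{
    int ok = demo();
    printf("symlink-safe chown/chmod behaves as expected: %s\n", ok ? "yes" : "no");
    return ok ? 0 : 1;
}
```

In a shell-based maintainer script the equivalent is to avoid chown/chmod on attacker-influenced paths altogether, or to restrict the operation to regular files and refuse symlinks before touching ownership; the point is the same, never let a privileged ownership change follow a link controlled by a less privileged principal.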
--- mirror/ftp/4.3/unmaintained/4.3-1/source/cron_3.0pl1-128+deb9u1.dsc +++ apt/ucs_4.4-0-errata4.4-8/source/cron_3.0pl1-128+deb9u2.dsc @@ -1,3 +1,30 @@ +3.0pl1-128+deb9u2 [Fri, 29 Oct 2021 23:04:48 +0300] Adrian Bunk <bunk@debian.org>: + + * Non-maintainer upload by the LTS team. + + [ Christian Kastner ] + * SECURITY: Fix bypass of /etc/cron.{allow,deny} on failure to open + If these files exist, then they must be readable by the user executing + crontab(1). Users will now be denied by default if they aren't. + (LP: #1813833) + * SECURITY: Fix for possible DoS by use-after-free + A user reported a use-after-free condition in the cron daemon, leading to a + possible Denial-of-Service scenario by crashing the daemon. + (CVE-2019-9706) (Closes: #809167) + * SECURITY: DoS: Fix unchecked return of calloc() + Florian Weimer discovered that a missing check for the return value of + calloc() could crash the daemon, which could be triggered by a very + large crontab created by a user. (CVE-2019-9704) + * Enforce maximum crontab line count of 10000 to prevent a malicious user + from creating an excessivly large crontab. The daemon will log a warning + for existing files, and crontab(1) will refuse to create new ones. + (CVE-2019-9705) + * SECURITY: group crontab to root escalation + via postinst as described by Alexander Peslyak (Solar Designer) in + http://www.openwall.com/lists/oss-security/2017/06/08/3 + (CVE-2017-9525) + * Add d/NEWS altering to the new 10000 lines limit. + 3.0pl1-128+deb9u1 [Sat, 07 Oct 2017 15:38:27 +0200] Laurent Bigonville <bigon@debian.org>: * Non-maintainer upload. <http://piuparts.knut.univention.de/4.4-8/#4461146901289592514>
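Review bot: the changelog entry "Fix bypass of /etc/cron.{allow,deny} on failure to open" (LP: #1813833) is a security-relevant behaviour change (users are now denied by default when the files exist but cannot be read) that carries no CVE and is not mentioned in the four-item list in the bug description above; the erratum announcement should name it so administrators with restrictive permissions on cron.allow/cron.deny know why crontab(1) access may change after the update. Minor: "excessivly" should read "excessively", and "Add d/NEWS altering" presumably means "alerting".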
OK: yaml
OK: announce_errata
OK: patch
OK: piuparts
[4.4-8] 6be06ddb68 Bug #54007: cron 3.0pl1-128+deb9u2
 doc/errata/staging/cron.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
[4.4-8] bf728a2437 Bug #54007: cron 3.0pl1-128+deb9u2
 doc/errata/staging/cron.yaml | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)
<https://errata.software-univention.de/#/?erratum=4.4x1079>