Sicherheit: Fehlerhafte Zugriffsrechte in livecd-tools
Aktuelle Meldungen Distributionen
Name: Fehlerhafte Zugriffsrechte in livecd-tools
ID: FEDORA-2013-9827
Distribution: Fedora
Plattformen: Fedora 19
Datum: Mi, 12. Juni 2013, 10:20
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2069
Applikationen: livecd-tools


Name        : livecd-tools
Product : Fedora 19
Version : 19.4
Release : 1.fc19
URL : http://git.fedorahosted.org/git/livecd
Summary : Tools for building live CDs
Description :
Tools for generating live CDs on Fedora based systems including
derived distributions such as RHEL, CentOS and others. See
http://fedoraproject.org/wiki/FedoraLiveCD for more details.

Update Information:

Some fixed for running from F19 host.
The livecd-tools package provides support for reading and executing
Kickstart files in order to create a system image. It was discovered
that livecd-tools gave the root user an empty password rather than
leaving the password locked in situations where no 'rootpw' directive
was used or when the 'rootpw --lock' directive was used within the
Kickstart file, which could allow local users to gain access to the
root account. (CVE-2013-2069)

Please note that livecd-tools is also used by appliance-tools to create
images used for virtual machines, USB based systems, and so on.
Additionally, the Python script components of livecd-tools have been
broken out into a separate package named python-imgcreate on some
distributions (such as Fedora).


Red Hat would like to thank Amazon Web Services for reporting this issue.
Amazon Web Services acknowledges Sylvain Beucler as the original reporter.

[ 1 ] Bug #964299 - CVE-2013-2069 livecd-tools: improper handling of

This update can be installed with the "yum" update program. Use
su -c 'yum update livecd-tools' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Pro-Linux @Facebook
Neue Nachrichten