First published: Tue Sep 13 2016(Updated: )
It was found that mock's scm plug-in would parse a given spec file with root priviliges. This could allow an attacker who is able to start a build of an rpm with a specially crafted spec file within mock's environment to elevate their priviliges and escape the chroot. The vulnerable code in scm.py is: ts = rpm.ts() rpm_spec = ts.parseSpec(self.spec) # the spec file is parsed as root self.name = rpm.expandMacro("%{name}")
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fedoraproject Fedora | =23 | |
Fedoraproject Fedora | =24 | |
Fedoraproject Fedora | =25 | |
Mock Project Scm Plugin |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.