A quick note to say this is taking longer than expected as another problem has been identified and we want to try and fix them all at once.
David Adam zanc...@ucc.gu.uwa.edu.au On Mon, 28 Apr 2014, David Adam wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi all, > > fish 2.1.1 will be released shortly, correcting two security vulnerabilities > and reducing the scope of a further security vulnerability. > > fish 2.1.1 will be made available as source and binary packages at > http://fishshell.com/. > > The following security vulnerabilities have been identified in the fish shell: > > CVE-2014-2905: fish universal variable socket vulnerable to permission bypass > leading to privilege escalation > > fish, from at least version 1.16.0 to version 2.1.0 (inclusive), does not > check the credentials of processes communicating over the fishd universal > variable server UNIX domain socket. This allows a local attacker to elevate > their privileges to those of a target user running fish, including root. > > fish version 2.1.1 is not vulnerable. > > No workaround is currently available for earlier versions of fish. > > https://github.com/fish-shell/fish-shell/issues/1436 > > CVE-2014-2906: fish temporary file creation vulnerable to race condition > leading to privilege escalation > > fish, from at least version 1.16.0 to version 2.1.0 (inclusive), creates > temporary files in an insecure manner. > > Versions 1.23.0 to 2.1.0 (inclusive) execute code from these temporary > files, > allowing privilege escalation to those of any user running fish, including > root. > > Additionally, from at least version 1.16.0 to version 2.1.0 (inclusive), > fish will read data using the psub function from these temporary files, > meaning that the input of commands used with the psub function is under the > control of the attacker. > > fish version 2.1.1 is not vulnerable. > > No workaround is currently available for earlier versions of fish. > > https://github.com/fish-shell/fish-shell/issues/1437 > > CVE-2014-2914: fish web interface does not restrict access leading to remote > code execution > > fish, from version 2.0.0 to version 2.1.0 (inclusive), fails to restrict > connections to the Web-based configuration service (fish_config). This > allows remote attackers to execute arbitrary code in the context of the user > running fish_config. > > The service is generally only running for short periods of time. > > fish version 2.1.1 restricts incoming connections to localhost only. At this > stage, users should avoid running fish_config on systems where there are > untrusted local users, as they are still able to connect to the fish_config > service and elevate their privileges to those of the user running > fish_config. > > No workaround is currently available for earlier versions of fish, although > the use of the fish_config tool is optional as other interfaces to fish > configuration are available. > > https://github.com/fish-shell/fish-shell/issues/1438 > > David Adam > fish committer > zanc...@ucc.gu.uwa.edu.au > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.12 (GNU/Linux) > > iQIcBAEBAgAGBQJTXcFWAAoJEMC5abKXToiOCZgP/iw0qKD+3WIfUDHvB3sdaZM9 > y2mZiE3fSotmL2Sa856pAYapdmv1fIEKnG4EYyefvqStRABaYWjyOka1d6RKMjcs > e4H8qTBtEcsiSUQj9CltxdRl5qV7RJy89Q6+KhD97nPygx2D7zFVRH1VFZ/xH7fT > ffsR/bf80X9ZakObCg/QgJhYA9Af49wdZJKM7PMyZErikj8ucJEZXSb1U59puaAb > VmeGb/O7uRnGFyDgKmJkIa/XoK1Opl6OP6VknLEJJIMDtjFGX7epcpkFBWhwHamA > nOodFEUyV1GWK9dcH0+S2PDL1c/YWhnsCE056ISdrG1rNkQvAbQPUysGMEusNgYJ > eIW6qCoGwu5oeU9T5Mwa4GEGbYMeHmx9F7r0/bkphDn1znD/dLEY436ZqYSKMoAz > Qy4J75ERDemN6Tg1d8rrqWBgvKZxg3ozgoV45eNgPXtv/FhQ/P+jRJVZCghzEZjw > Q9z/lC723TjOEdReeTrHF3bkEQ9YT3EaYCkYMjEOgcOd8gRZ2URXgplITxxGfUaQ > qlnbRzH5wkBdBwb+6bSDoFJ4SNAhB6JlKeQiFBxRvjogQHkv2wDiLRUv9nfYkIHn > eFtK/SSJlySZtcbJ37wk4h6YJ5RECAv1taHpJRi5CHmY2eNkPQwo6OpYgj68Rg+B > sIauZ3PVnlrOZTUGRquc > =HrEo > -----END PGP SIGNATURE----- > > ------------------------------------------------------------------------------ > "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE > Instantly run your Selenium tests across 300+ browser/OS combos. Get > unparalleled scalability from the best Selenium testing platform available. > Simple to use. Nothing to install. Get started now for free." > http://p.sf.net/sfu/SauceLabs > _______________________________________________ > Fish-users mailing list > Fish-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/fish-users > Cheers, David Adam zanc...@ucc.gu.uwa.edu.au Ask Me About Our SLA! ------------------------------------------------------------------------------ "Accelerate Dev Cycles with Automated Cross-Browser Testing - For FREE Instantly run your Selenium tests across 300+ browser/OS combos. Get unparalleled scalability from the best Selenium testing platform available. Simple to use. Nothing to install. Get started now for free." http://p.sf.net/sfu/SauceLabs _______________________________________________ Fish-users mailing list Fish-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/fish-users
