-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Package : tenshi Version : 0.13-2+deb7u1 CVE ID : CVE-2017-11746 Debian Bug : 871321
Tenshi creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill `cat /pathname/tenshi.pid`" command. For Debian 7 "Wheezy", these problems have been fixed in version 0.13-2+deb7u1. We recommend that you upgrade your tenshi packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEjtbD+LrJ23/BMKhw+COicpiDyXwFAlmjEN4ACgkQ+COicpiD yXxkHw//c0nsYXKypusHKMU1Jr3b/KsC6NfvEUCr2UL7Z/MOFflWSccMDMCqmuRK STfmiyl5CWXlGUHzRbMcJAtKNIgSeMZywqk/jxxGchdhd2vmrxoXV29NXK6iNVMB EaL2RiA2SjPaQ2ZxzcRVpmcz+4wru3fy9Q9wRg/zEUCM6iJf9/dkCG4KxzR1LejB CH3ShO339j/d+iDLPBasBl1mD1Sh8H1xZVFnmR+iOIncd97J+n6XnxlRx2cI+CY5 0RGQ1AgzLu05XMv0RmTK1gvZ9zT8xgeTtwvE+jjpEPOljohiyikat7pts6yeoJ7u el8kBHgnelTV6b3Pg3skud6NOxwWiVeukK7q5DP1jRZs+A3u/kGbwja8RSy0Outj IKOPl/FP0dij9PDGFoclguIrxOrmrIaGuJ/2zP9LIfARybsiCtprmSN3UkvqxNAs goSO1V1KNbKMAdqpe5cuGyEY0ln6t4r0WYZwj9E7uYx5aTt8GMMkzLW9csW+0tCg lgRJzDxXD/qH56WxY+gO0L1K+9rz5C8wJKX0B+gwBLL8aFG8Jo0rHgUSOsT2r52D 60T947ea7skFcCPmhikVOA6/7PJlBFWcqYZLduT2KcM/Fx6zx6bRmXaCWBOZAiwl 5tuu3QJfLQhEaMcqGNAHx/XRlKrizMMb3PVaYEpwWK7XA22+/Ys= =lSJZ -----END PGP SIGNATURE-----
