package upgrade should replace /etc/ssl/certs/ca-certificates.crt atomically
Bug #1914839 reported by
ysth
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| ca-certificates (Debian) |
Fix Released
|
Unknown
|
|||
| ca-certificates (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Bug Description
While upgrading the ca-certificates package, a process got the error:
SSL_ca_file /etc/ssl/
This file should be replaced atomically, with no time gap where the file does not exist.
(I am flagging this as a security vulnerability because, while I did not experience any security issue, I can imagine at least the possibility of this being exploitable in some way in some circumstances.)
| information type: | Private Security → Public Security |
Revision history for this message
| Steve Beattie (sbeattie) wrote | #1 |
| Changed in ca-certificates (Ubuntu): | |
| status: | New → Confirmed |
| Changed in ca-certificates (Debian): | |
| status: | Unknown → New |
| Changed in ca-certificates (Debian): | |
| status: | New → Fix Committed |
| Changed in ca-certificates (Debian): | |
| status: | Fix Committed → Fix Released |
| Changed in ca-certificates (Ubuntu): | |
| importance: | Undecided → High |
| status: | Confirmed → Triaged |
Revision history for this message
| Simon Déziel (sdeziel) wrote | #2 |
| Changed in ca-certificates (Ubuntu): | |
| status: | Triaged → Fix Released |
To post a comment you must log in.
Ah yes, /usr/sbin/
It looks like a fic was committed in debian for this a couple of weeks ago:
https:/
but has not landed there.