Comment 6 for bug 46649

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cron - 3.0pl1-105ubuntu1.1

---------------
cron (3.0pl1-105ubuntu1.1) jaunty-security; urgency=low

  * SECURITY UPDATE: cron does not check the return code of setgid() and
    initgroups(), which under certain circumstances could cause applications
    to run with elevated group privileges. Note that the more serious issue
    of not checking the return code of setuid() was fixed in 3.0pl1-64.
    (LP: #46649)
    - do_command.c: check return code of setgid() and initgroups()
    - CVE-2006-2607

 -- Jamie Strandboge <email address hidden> Tue, 12 May 2009 12:37:40 -0500