man-db: privilege escalation — GLSA 202310-08

A root privilege escalation through a setuid executable and a cron job has been discovered in man-db.

Affected packages

sys-apps/man-db on all architectures
Affected versions < 2.8.5
Unaffected versions >= 2.8.5

Background

man-db is a man replacement that utilizes BerkeleyDB instead of flat files.

Description

A root privilege escalation through a setuid executable and a cron job has been discovered in man-db. Please review the CVE identifier referenced below for details.

Impact

A local user with access to the man user or group can elevate privileges to root.

Workaround

There is no known workaround at this time.

Resolution

All man-db users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-apps/man-db-2.8.5"
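
To confirm whether a host is still in the affected range before or after the upgrade, the following check can be used. It is an added example, not part of the advisory; it assumes Portage's installed-package database is at /var/db/pkg and that GNU `sort -V` is available, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the advisory): report whether the installed
# sys-apps/man-db is below the first unaffected version.
FIXED="2.8.5"   # ">= 2.8.5" is unaffected per the advisory

# is_affected VERSION: succeeds (0) when VERSION < FIXED.
# Handles Gentoo forms such as 2.8.4, 2.8.4-r1, 2.8.5_rc1, 2.8.5_p1.
is_affected() {
    v=${1%-r[0-9]*}     # -rN is an ebuild revision, not an upstream version
    base=${v%%_*}       # numeric part before any _suffix
    if [ "$base" = "$FIXED" ]; then
        case "$v" in
            *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;;  # sorts before the release
            *) return 1 ;;
        esac
    fi
    lowest=$(printf '%s\n%s\n' "$base" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$base" ]
}

# installed_versions [VDB_DIR]: print each installed man-db version.
# Assumption: Portage records installs as <vdb>/<category>/<name>-<version>/.
installed_versions() {
    vdb=${1:-/var/db/pkg}
    for d in "$vdb"/sys-apps/man-db-[0-9]*; do
        [ -d "$d" ] || continue
        n=${d##*/}
        echo "${n#man-db-}"
    done
}

# check_host [VDB_DIR]: print a verdict per version; returns 1 if any is affected.
check_host() {
    rc=0
    for ver in $(installed_versions "${1:-}"); do
        if is_affected "$ver"; then
            echo "sys-apps/man-db-$ver: AFFECTED (< $FIXED)"
            rc=1
        else
            echo "sys-apps/man-db-$ver: not affected"
        fi
    done
    return $rc
}

# Only act when asked, so the file can also be sourced for its functions.
if [ "${1:-}" = "--check" ]; then check_host "${2:-}"; fi
```

Saved under any name and run with `--check`, a non-zero exit status means an affected version is still installed.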
 

References

Release date
October 08, 2023

Latest revision
October 08, 2023: 1

Severity
high

Exploitable
remote

Bugzilla entries