beep: Local privilege escalation — GLSA 201805-15

A vulnerability in beep could allow local attackers to escalate privileges.

Affected packages

app-misc/beep on all architectures
Affected versions < 1.3-r3
Unaffected versions >= 1.3-r3

Background

The advanced PC speaker beeper.

Description

A race condition, if setuid, was discovered in beep.

Impact

A local attacker could escalate privileges.

Workaround

There is no known workaround at this time.

Resolution

All beep users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-misc/beep-1.3-r3"
 

References

Release date
May 30, 2018

Latest revision
May 30, 2018: 1

Severity
normal

Exploitable
remote

Bugzilla entries