mirror of
https://git.yoctoproject.org/poky
synced 2026-04-03 02:02:21 +02:00
cccf6723f3
GNU inetutils through 2.4 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process. Refernces: https://nvd.nist.gov/vuln/detail/CVE-2023-40303 (From OE-Core rev: b8e2dad0650b8a80e3d85e6d87fda1a0e2fb195f) Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>