summaryrefslogtreecommitdiff
path: root/.gitlab-ci.yml
diff options
context:
space:
mode:
authorkali <kali@win>2021-12-15 19:45:11 +0100
committerkali kaneko (leap communications) <kali@leap.se>2021-12-15 20:02:12 +0100
commite694a038c7edc146b63557425b307833b11aea57 (patch)
tree4cef985ee8e19c040c5eedc0daf4a302a2e49bfa /.gitlab-ci.yml
parent7ab7b8cd822dc0e4548f9cf6795567f2eeef44e1 (diff)
[bug] avoid installing in custom paths
A vulnerability in QtIFW produces improper ACLs to be set when installing in custom locations. This can lead to privilege escalation if a non-privileged user overwrites the openvpn binary. Thanks to researchers at Tenable for finding and reporting this! Impact is considered low-medium, since an installation outside of the suggested path is needed to trigger the issue. Privileged execution of openvpn should be abandoned in next release, in favor of the interactive service. A bug upstream should be filed since other projects could be affected by this vulnerability too. -Resolves: #569
Diffstat (limited to '.gitlab-ci.yml')
0 files changed, 0 insertions, 0 deletions