Posted on | May 6, 2008 | Comments Off
For those of you who use SRCE and keep up to date on news via this blog, an interim security release is available that fixes a potential privilege escalation issue in srce-execd.
From the announcement on srce-devel / srce-users:
A security release (1.0.8) that addresses a potential privilege escalation issue is now available. You can download 1.0.8 at the SRCE development site or Sharesource. Those of you who are running modified copies of SRCE can upgrade with a very simple patch available here. Thanks again to Corey Henderson for finding this issue and sending a patch to correct it.
I’m extending the window for the maintenance release to allow for several other improvements sent in by Corey. Since the issue is potentially nasty, an interim security release is called for.