{"id":"MGASA-2021-0297","summary":"Updated trousers packages fix security vulnerabilities","details":"An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is \nstarted with root privileges instead of by the tss user, it fails to drop the\nroot gid privilege when no longer needed (CVE-2020-24330).\n\nAn issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started\nwith root privileges, the tss user still has read and write access to the\n/etc/tcsd.conf file (which contains various settings related to this daemon)\n(CVE-2020-24331).\n\nAn issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is\nstarted with root privileges, the creation of the system.data file is prone to\nsymlink attacks. The tss user can be used to create or corrupt existing files,\nwhich could possibly lead to a DoS attack (CVE-2020-24332).\n","modified":"2026-04-16T04:44:15.933502029Z","published":"2021-06-28T22:51:23Z","upstream":["CVE-2020-24330","CVE-2020-24331","CVE-2020-24332"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2021-0297.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26658"},{"type":"WEB","url":"https://www.openwall.com/lists/oss-security/2020/08/14/1"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SSDL7COIFCZQMUBNAASNMKMX7W5JUHRD/"}],"affected":[{"package":{"name":"trousers","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/trousers?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.3.14-4.2.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2021-0297.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}