You are here
Home > Preporuke > Sigurnosni nedostatak programskog paketa beep

Sigurnosni nedostatak programskog paketa beep

  • Detalji os-a: WN7
  • Važnost: IMP
  • Operativni sustavi: L
  • Kategorije: LFE

Fedora Update Notification
2019-01-10 08:21:16.701743

Name : beep
Product : Fedora 29
Version : 1.3
Release : 26.fc29
Summary : Beep the PC speaker any number of ways
Description :
Beep allows the user to control the PC speaker with precision,
allowing different sounds to indicate different events. While it
can be run quite happily on the command line, its intended place
of residence is within shell/Perl scripts, notifying the user when
something interesting occurs. Of course, it has no notion of
what’s interesting, but it’s real good at that notifying part.

Update Information:

Security fix for CVE-2018-1000532, new non-root permissions and a few smaller
fixes. Fix a directory traversal issue introduced with the fix for
CVE-2018-1000532, and refuses to run as setuid root or via sudo to avoid any
more priviledge escalation issue. —- Security fix for CVE-2018-1000532 and a
few smaller fixes

* Sat Dec 29 2018 Hans Ulrich Niedermann <> – 1.3-26
– Stop shipping old sudo related config files
– Refuse to run when run via sudo
– Set up group ‘beep’ for write access to evdev device with new udev rule
– Update README.fedora to reflect new group permission setup on evdev device
* Fri Dec 28 2018 Hans Ulrich Niedermann <> – 1.3-25
– guard against directory traversal in /dev/input/ check
– refuse to run if setuid or setgid root
– make the evdev device the first device to look for (does not require root)
* Fri Dec 28 2018 Hans Ulrich Niedermann <> – 1.3-24
– Actually apply the patches
– Update COPYING with new FSF address
– Fix Patch9 to work as non-git patch (do the rest with shell)
– Proper naming of Patch14
– Exit beep when error accessing API
* Fri Dec 28 2018 Hans Ulrich Niedermann <> – 1.3-23
– Fix CVE-2018-1000532 and mitigate against related issues (#1595592)
– Fix a number of potential integer overflows

[ 1 ] Bug #1595591 – CVE-2018-1000532 beep: External control of file name or path via –device option

This update can be installed with the “dnf” update program. Use
su -c ‘dnf upgrade –advisory FEDORA-2018-92eff16e03’ at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list —
To unsubscribe send an email to
Fedora Code of Conduct:
List Guidelines:
List Archives:

AutorToni Vugdelija
Cert idNCERT-REF-2019-01-0001-ADV
More in Preporuke
Sigurnosni nedostatak programske biblioteke libgxps

Otkriven je sigurnosni nedostatak programske biblioteke libgxps za operacijski sustav Fedora. Otkriveni nedostatak potencijalnim udaljenim napadačima omogućuje izazivanje DoS stanja,...