A vulnerability has been discovered in uptimed which could result in root privilege escalation.
|Package|app-misc/uptimed on all architectures|
|Affected versions|< 0.4.6-r1|
|Unaffected versions|>= 0.4.6-r1|
uptimed is a system uptime record daemon that keeps track of your highest uptimes.
Via unnecessary file ownership modifications in the pkg_postinst ebuild phase, the uptimed user could change arbitrary files to be owned by the uptimed user at emerge-time.
The uptimed user could achieve root privileges when the uptimed package is emerged.
There is no known workaround at this time.
All uptimed users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-misc/uptimed-0.4.6-r1"
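After upgrading, a host can be checked for files whose ownership was already changed to the uptimed account. The following is an added example, not part of the advisory or the uptimed package; the account name `uptimed` and the data directory `/var/spool/uptimed` are assumptions to adjust for the local install.

```shell
#!/bin/sh
# Added example: list filesystem objects owned by a service account that
# live outside the one directory that account is expected to own.
# Assumptions (not from the advisory): account "uptimed", data directory
# /var/spool/uptimed. Run as root so every directory can be read.

# audit_owned_outside USER ALLOWED_DIR [SEARCH_ROOT]
# Prints one path per line; prints nothing when ownership looks clean.
audit_owned_outside() {
    user=$1
    allowed=${2%/}      # strip a trailing slash so -path matches exactly
    root=${3:-/}
    # Prune the allowed tree and kernel pseudo-filesystems, then report
    # everything else that belongs to the account.
    find "$root" \
        \( -path "$allowed" -o -path /proc -o -path /sys -o -path /dev \) -prune \
        -o -user "$user" -print 2>/dev/null
}

# count_owned_outside USER ALLOWED_DIR [SEARCH_ROOT]
# Prints the number of findings, for use in scripts and monitoring.
count_owned_outside() {
    audit_owned_outside "$@" | wc -l | tr -d ' '
}

# Typical use on an affected system:
#   audit_owned_outside uptimed /var/spool/uptimed /
```

Any path reported outside the data directory should have its ownership and contents reviewed before being restored.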
May 03, 2023
May 03, 2023: 1