CVE-2017-20147

The initscript uses a PID file that's writable by the smokeping user.

The ebuild has been updated to use a fixed PID file and the initscript has been updated to check the PID file when starting the service and only start it if the PIDs are valid. Users of this ebuild are advised to update it as soon as possible.
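
A root-run init script that trusts a PID file an unprivileged account can modify will act on whatever PID that account writes into it. The following is an added example, not the Gentoo initscript or ebuild code: one way a privileged script can validate a PID file before using it. The helper names `trusted_path` and `read_trusted_pid` and the exact checks are assumptions.

```shell
#!/bin/sh
# Added example: validate a PID file before a privileged script trusts it.
# trusted_path and read_trusted_pid are hypothetical helper names.

# Succeeds only if $1 exists, is not a symlink, is owned by the invoking
# user (root when called from an init script) and is not group- or
# world-writable.
trusted_path() {
    [ -e "$1" ] && [ ! -L "$1" ] || return 1
    # ls -ldn prints the mode string and numeric uid: "-rw-r--r-- 1 0 0 ..."
    meta=$(ls -ldn -- "$1" | awk 'NR == 1 { print $1, $3 }') || return 1
    mode=${meta% *}
    uid=${meta#* }
    [ "$uid" = "$(id -u)" ] || return 1
    case $mode in
        ?????w*|????????w*) return 1 ;;   # group or other write bit set
    esac
    return 0
}

# Prints the PID stored in $1 and returns 0 only if the file, and the
# directory holding it, pass trusted_path and the content is a plain
# decimal PID greater than 1.
read_trusted_pid() {
    # A writable directory lets another user replace the file itself.
    trusted_path "$(dirname -- "$1")" || return 1
    [ -f "$1" ] && trusted_path "$1" || return 1
    # Accept a first line with or without a trailing newline.
    IFS= read -r pid < "$1" || [ -n "$pid" ] || return 1
    case $pid in
        ''|*[!0-9]*) return 1 ;;          # empty, negative or non-numeric
    esac
    [ "$pid" -gt 1 ] || return 1          # never act on PID 0 or 1
    printf '%s\n' "$pid"
}
```

A caller would use it as `pid=$(read_trusted_pid /path/to/daemon.pid) || exit 1` and should still confirm that the PID belongs to the expected daemon before signalling it.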

For more information about the ebuild and the initscript, see the ebuild changelog entry at the end of this advisory. Ebuilds are software packages used by the Gentoo community on a variety of platforms. The ebuild team maintains a list of approved ebuilds on their website. The smokeping ebuild on Gentoo is approved by the ebuild team.

CVE-2017-20148

A bug has been discovered in the smokeping service. Users of the smokeping ebuild on Gentoo are advised to upgrade as soon as possible.

Package Description

smokeping is a tool that monitors the latency and bandwidth of various network interfaces. It's useful for determining when the network is congested.

References

1. https://lists.gentoo.org/pipermail/ebuilds/2017-February/133362.html
2. https://www.smokeping.com/en/

For more information about the vulnerability and how to fix it, see the CVE entry at the end of this advisory.

Timeline

Published on: 09/20/2022 18:15:00 UTC
Last modified on: 09/25/2022 16:15:00 UTC
