| Errata ID | 616 |
|---|---|
| Date | 2019-03-27 |
| Source package | cron |
| Fixed in version | 3.0pl1-127+deb8u2 |
| Description | This update addresses the following issues: * In the cron package, the postinst maintainer script allows for group-crontab-to-root privilege escalation via symlink attacks against unsafe usage of the chown and chmod programs. (CVE-2017-9525) * calloc() return value resulting in remote DoS (CVE-2019-9704) * DoS (memory consumption) via a large crontab file (CVE-2019-9705) * Use-after-free resulting in DoS (CVE-2019-9706) |
| Additional notes | |
| CVE ID | CVE-2017-9525, CVE-2019-9704, CVE-2019-9705, CVE-2019-9706 |
| UCS Bug number | #49066 |
