Skip Navigation

  • Home
  • Contact us
  • FAQ
  • Glossary
  • Public key
  • Sitemap
  • Cymraeg
  • What's new
CPNI - Centre for the Protection of National Infastructure

Advanced search

  • About CPNI
  • The threats
  • Security planning
  • Methods of attack
  • Protecting your assets
  • Products and services
    • CSIRTUK advisories
      • Advisories archive
    • General protective security publications
    • InfoSec briefings
    • InfoSec technical notes
    • InfoSec vulnerability disclosures
    • Good practice guidelines
    • Viewpoints
    • Information exchanges
    • Risk Management Delivery Group
  • Research
Home > Products and services > CSIRTUK advisories > Advisories archive > April 2005 > Fedora Update Notification: FEDORA-2005-320 - Fedora Core 3

April 2005

Fedora Update Notification: FEDORA-2005-320 - Fedora Core 3

ID: 00326
Ref: 300/2005
Date: 18 April 2005:15:03:34
Version: 1
Title: Fedora Update Notification: FEDORA-2005-320 - Fedora Core 3
Abstract: The vixie-cron package contains the Vixie version of cron. Cron is a standard UNIX daemon that runs specified programs at scheduled times. Vixie cron adds better security and more powerful configuration options to the standard version of cron.
Vendors affected: Fedora
Operating systems affected: Fedora
Applications affected: Fedora
Title
=====

Fedora Update Notification: FEDORA-2005-320 - Fedora Core 3

Detail
======

The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Vixie cron adds better security and more powerful configuration
options to the standard version of cron.


Subject: [SECURITY] Fedora Core 3 Update: vixie-cron-4.1-33_FC3

- ---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2005-320
2005-04-15
- ---------------------------------------------------------------------

Product :
Name : vixie-cron
Version : 4.1
Release : 33_FC3
Summary : The Vixie cron daemon for executing specified programs at set times.
Description :
The vixie-cron package contains the Vixie version of cron. Cron is a
standard UNIX daemon that runs specified programs at scheduled times.
Vixie cron adds better security and more powerful configuration
options to the standard version of cron.

- ---------------------------------------------------------------------

o Fixes security vulnerability CAN-2005-1038
( http://www.securityfocus.com/archive/1/395093 )

o Makes filename and command line length constraints
correspond to system limits

o Improved PAM support

- ---------------------------------------------------------------------

* Thu Apr 14 2005 Jason Vas Dias - 4.1-33_FC3

- - fix bug 154922 / CAN-2005-1038: check that new crontab is
regular file after editor session ends.
- - fix bug 154575: use PATH_MAX (4096) as max filename length; also make
limits on command line and env.var. lengths sensible (131072).

* Fri Apr 8 2005 Jason Vas Dias - 4.1-33_FC3

- - do pam_close_session and pam_setcred(pamh, PAM_DELETE_CRED)
- - if fork fails

* Thu Apr 7 2005 Jason Vas Dias - 4.1-33_FC3

- - fix bug 154065: crontab's job control broken: by
- - xpid = waitpid(pid,&waiter,WUNTRACED);...
- - if( WIFSTOPPED(waiter) )... kill(getpid(),WSTOPSIG(waiter));
- - crontab should not kill itself with SIGSTOP if its child
- - gets SIGSTOP; hence it does not need the waitpid WUNTRACED flag.

* Tue Apr 5 2005 Jason Vas Dias - 4.1-33_FC3

- - Required for EAL Audit certification:
- - If pam_setcred should fail, the pam_session could fail to be
- - closed, leaving autofs user directories still mounted.

* Tue Mar 15 2005 Jason Vas Dias - 4.1-33_FC3

- - fix bug 151145: segfault if cronjob runs without any SELinux user
- - security context (eg. in a broken chroot environment)

* Fri Feb 25 2005 Jason Vas Dias - 4.1-24_FC3

- - Add an /etc/sysconfig/crond file for containing CRONDARGS and
- - settings like CRON_VALIDATE_MAILRCPTS .

* Fri Feb 25 2005 Jason Vas Dias - 4.1-24_FC3

- - Fix bug 147636 - disable silly mail recipient name checking
- - (do_command.c's safe_p()) by default . Can be enabled by
- - presence of CRON_VALIDATE_MAILRCPTS variable in crond's
- - environment - also '_'s in MAILTOs are allowed.

* Tue Jan 25 2005 Jason Vas Dias - 4.1-21_FC3

- - Fix bug 146073 - allow the 'pam_access' module to be used with
- - cron - set 'PAM_TTY' item to 'cron' .

* Mon Dec 20 2004 Jason Vas Dias - 4.1-20_FC3

- - fix bug 142953 : allow read-only crontabs + provide -p
- - 'permit all crontabs' option to disable mode checking.
- - bug 135845 fix required 'ch' to be initialized in crontab.c line 322
- - (bug 141760)

* Mon Dec 20 2004 Jason Vas Dias - 4.1-20_FC3

- - fixed all uninitialized variable warnings

* Fri Oct 15 2004 Jason Vas Dias - 4.1-19

- - crontab -e should only strip NHEADER_LINES comments
- - (NHEADER_LINES==0), not at least one header comment line.
- - (bug 135845)

* Sat Oct 9 2004 Florian La Roche - 4.1-18

- - no need to make user installed crontabs readable

* Thu Sep 30 2004 Jason Vas Dias - 4.1-17

- - Users not allowed to use 'crontab mycrontab', while
- - 'crontab < mycrontab' allowed; this is because misc.c's
- - swap_uids_back() was not using save_euid / save_egid .
- - Thanks to Mads Martin Joergensen for pointing this out.

* Wed Sep 29 2004 Jason Vas Dias - 4.1-16

- - Just found out in testing that if neither /etc/cron.{deny,allow}
- - exist, root is unable to use crontab - I'm sure root could before,
- - but is in any case meant to be able to. Allowing root to use crontab.

* Wed Sep 29 2004 Jason Vas Dias - 4.1-14

- - Fix for bug 130102 got dropped somehow from latest CVS.
- - This is now restored - in %post, if neither /etc/cron.{deny,allow}
- - exist, touch /etc/cron.deny, to allow all users to use crontab,
- - as was previous default vixie-cron behaviour.

* Fri Sep 17 2004 Jason Vas Dias - 4.1-12

- - Merged Dan's patch with vixie-cron-4.1-11 which was not
- - latest version according to new CVS ?!?!

* Fri Sep 17 2004 Dan Walsh - 4.1-12

- - Updated SELinux patch to use checkPasswdAccess

* Tue Aug 31 2004 Jason Vas Dias - 4.1-11

- - Fixed SIGSEGV in free_user when !is_selinux_enabled() and crontab
- - has no valid jobs (bug 131390).

* Wed Aug 18 2004 Jason Vas Dias - 4.1.10

- - Fixed bug 130102: Restored default behaviour if neither
- - /etc/cron.deny nor /etc/cron.allow exist - 'touch /etc/cron.deny'
- - in %post

* Wed Aug 11 2004 Jason Vas Dias - 4.1.9

- - Removed 0600 mode enforcement as per Florian La Roche's request

* Tue Aug 10 2004 Jason Vas Dias - 4.1.8

- - Allowed editors such as 'gedit' which do not modify original
- - file, but which rename(2) a temp file to original, to be used
- - by crontab -e (bug 129170).

* Tue Aug 10 2004 Jason Vas Dias - 4.1.8

- - Added '-i' option to crontab to prompt the user before deleting
- - crontab with '-r'.

* Tue Aug 10 2004 Jason Vas Dias - 4.1.8

- - Added documentation for '@' nicknames to crontab.5
- - (bugs 107542, 89899). Also removed 'second when' (bug 59802).

* Sun Aug 1 2004 Jason Vas Dias - 4.1.7

- - fixed bug 128924: 'cron' log facility not being used

* Fri Jul 30 2004 Jason Vas Dias - 4.1.6

- - Added PAM 'auth sufficient pam_rootok.so' to /etc/pam.d/crond
- - (fixes bug 128843) - on dwalsh's advice.

* Thu Jul 29 2004 Jason Vas Dias - 4.1-5

- - Added Buildrequires: pam-devel

* Wed Jul 28 2004 Dan Walsh - 4.1-4

- - Fix crontab to do SELinux checkaccess

* Wed Jul 28 2004 Jason Vas Dias - 4.1-3

- - Fixed bug 128701: cron fails to parse user 6th field in
- - system crontabs (patch15)

* Tue Jul 27 2004 Jason Vas Dias - 4.1-2

- - Changed 'Requires' dependency from 'pam-devel' to 'pam'.

* Mon Jul 26 2004 Jason Vas Dias - 4.1-1

- - Added PAM access control support.

* Thu Jul 22 2004 Jason Vas Dias - 4.1-1

- - Changed post-install to change mode of existing crontabs to
- - 0600 to allow run by new ISC cron 4.1

* Thu Jul 22 2004 Jason Vas Dias - 4.1-1

- - Upgraded to ISC cron 4.1

* Thu Jul 1 2004 Jens Petersen - 3.0.1-94

- - add vixie-cron-3.0.1-cron-descriptors-125110.patch to close std descriptors
when forking (Bernd Schmidt, 121280)
- - add vixie-cron-3.0.1-no-crontab-header-89809.patch to not prepend header to
crontab files (Damian Menscher, 103899)
- - fix use of RETVAL in init.d script (Enrico Scholz, 97784)
- - add safer malloc call to vixie-cron-3.0.1-sprintf.patch
- - add cron-3.0.1-crontab-syntax-error-114386.patch to fix looping on crontab
syntax error (Miloslav Trmac, 89937)

* Fri Jun 25 2004 Dan Walsh - 3.0.1-93

- - Add fixes from NSA

* Tue Jun 22 2004 Dan Walsh - 3.0.1-92

- - Add fixes from NSA

* Tue Jun 15 2004 Dan Walsh - 3.0.1-91

- - Change patch to check SElinux properly, go back to using fname instead of uname

* Tue Jun 15 2004 Elliot Lee

- - rebuilt

* Fri Jun 4 2004 Dan Walsh - 3.0.1-89

- - Fix patch

* Fri Jun 4 2004 Dan Walsh - 3.0.1-88

- - Add patch to allow it to run in permissive mode.

* Fri Feb 13 2004 Elliot Lee

- - rebuilt

* Wed Feb 4 2004 Dan Walsh - 3.0.1-86

- - Add security_getenforce check.

* Mon Jan 26 2004 Dan Walsh - 3.0.1-85

- - Fix call to is_selinux_enabled()

* Mon Dec 8 2003 Dan Walsh - 3.0.1-84

- - change daemon flag to 1

* Wed Dec 3 2003 Dan Walsh - 3.0.1-83

- - Add daemon to make sure child is clean

* Fri Nov 7 2003 Jens Petersen - 3.0.1-82

- - add vixie-cron-3.0.1-pie.patch to build crond as pie (#108414)
[Ulrich Drepper]
- - require libselinux and buildrequire libselinux-devel

* Thu Oct 30 2003 Dan Walsh - 3.0.1-81.sel

- - turn on selinux

* Tue Sep 30 2003 Jens Petersen - 3.0.1-80

- - add vixie-cron-3.0.1-vfork-105616.patch to use fork instead of vfork
(#105616) [report and patch from ian@caliban.org]
- - update vixie-cron-3.0.1-redhat.patch not to change DESTMAN redundantly
(it is overrriden in the spec file anyway)

* Fri Sep 5 2003 Dan Walsh - 3.0.1-79

- - turn off selinux

* Fri Sep 5 2003 Dan Walsh - 3.0.1-78.sel

- - turn on selinux

* Tue Jul 29 2003 Dan Walsh - 3.0.1-77

- - Patch to run on SELinux

* Wed Jun 4 2003 Elliot Lee

- - rebuilt

* Wed Mar 19 2003 Jens Petersen - 3.0.1-75

- - add vixie-cron-3.0.1-root_-u-85879.patch from Valdis Kletnieks to allow
root to run "crontab -u " even for users that aren't allowed to

* Wed Feb 19 2003 Jens Petersen - 3.0.1-74

- - fix preun script typo (#75137) [reported by Peter Bieringer]

* Tue Feb 11 2003 Bill Nottingham 3.0.1-73

- - don't set SIGCHLD to SIG_IGN and then try and wait... (#84046)

* Fri Feb 7 2003 Nalin Dahyabhai 3.0.1-72

- - adjust cron.d patch so that it ignores file with names that begin with '#'
or end with '~', '.rpmorig', '.rpmsave', or '.rpmnew'
- - merge hunk of buffer overflow patch into the cron.d patch

* Wed Jan 22 2003 Tim Powers

- - rebuilt

* Wed Dec 11 2002 Tim Powers 3.0.1-70

- - rebuild on all arches

* Sat Jul 20 2002 Akira TAGOH 3.0.1-69

- - vixie-cron-3.0.1-nonstrip.patch: applied to fix the stripped binary issue.

* Fri Jun 21 2002 Tim Powers

- - automated rebuild

* Mon Jun 10 2002 Bill Huang

- - Fix preun bugs.(#55340)
- - Fix fprintf bugs.(#65209)

* Thu May 23 2002 Tim Powers

- - automated rebuild

* Mon Apr 15 2002 Bill Huang

- - Fixed #62963.

* Thu Apr 4 2002 James McDermott

- - Alter behavior of crontab to take stdin as the default
behavior if no options are specified.

* Sun Jun 24 2001 Elliot Lee

- - Bump release + rebuild.

* Thu Mar 8 2001 Bill Nottingham

- - add patch from Alan Eldridge to
fix double execution of jobs (#29868)

* Sun Feb 11 2001 Bill Nottingham

- - fix buffer overflow in crontab

* Wed Feb 7 2001 Trond Eivind Glomsrød

- - fix usage string in initscript (#26533)

* Tue Feb 6 2001 Bill Nottingham

- - fix build with new glibc (#25931)

* Tue Jan 23 2001 Bill Nottingham

- - change i18n mechanism

* Fri Jan 19 2001 Bill Nottingham

- - log as 'crond', not 'CROND' (#19410)
- - account for shifts in system clock (#23230, patch from )
- - i18n-ize initscript

* Thu Aug 24 2000 Than Ngo

- - fix to set startup position correct at update

* Thu Aug 24 2000 Than Ngo

- - add /sbin/service to Prereq
- - call /sbin/service instead service
- - fix startup position (Bug #13353)

* Mon Aug 7 2000 Bill Nottingham

- - fix crond logging patch (dan@doom.cmc.msu.ru)
- - log via syslog (suggestion from jos@xos.nl)
- - put system crontab location in crontab(5) (#14842)

* Fri Jul 28 2000 Bill Nottingham

- - fix condrestart

* Fri Jul 21 2000 Bill Nottingham

- - fix reload bug (#14065)

* Fri Jul 14 2000 Bill Nottingham

- - move initscript back

* Thu Jul 13 2000 Prospector

- - automatic rebuild

* Thu Jul 6 2000 Bill Nottingham

- - prereq /etc/init.d

* Mon Jul 3 2000 Bill Nottingham

- - fix %post; we do condrestart in %postun

* Thu Jun 29 2000 Bill Nottingham

- - oops, fix init script

* Tue Jun 27 2000 Bill Nottingham

- - require new initscripts, not prereq

* Mon Jun 26 2000 Bill Nottingham

- - initscript hacks

* Wed Jun 14 2000 Nalin Dahyabhai

- - tweak logrotate config

* Sun Jun 11 2000 Bill Nottingham

- - rebuild in new env.
- - FHS fixes
- - don't ship chkconfig links

* Fri Mar 31 2000 Bill Nottingham

- - fix non-root builds (#10490)

* Sun Mar 26 2000 Florian La Roche

- - do not remove log files

* Thu Feb 3 2000 Bill Nottingham

- - handle compressed man pages

* Fri Sep 10 1999 Bill Nottingham

- - chkconfig --del in %preun, not %postun

* Wed Aug 25 1999 Bill Nottingham

- - fix buffer overflow

* Mon Aug 16 1999 Bill Nottingham

- - initscript munging

* Fri Jul 30 1999 Michael K. Johnson

- - dayofmonth and month can't be 0

* Thu Jun 3 1999 Jeff Johnson

- - in cron.log use "kill -HUP pid" not killall to preserve errors (#2241).

* Wed Apr 14 1999 Michael K. Johnson

- - add note to man page about DST conversion causing strangeness
- - documented cron.d patch

* Tue Apr 13 1999 Michael K. Johnson

- - improved cron.d patch

* Mon Apr 12 1999 Erik Troan

- - added cron.d patch

* Tue Mar 23 1999 Bill Nottingham

- - logrotate changes

* Tue Mar 23 1999 Preston Brown

- - clean up log files on deinstallation

* Sun Mar 21 1999 Cristian Gafton

- - auto rebuild in the new build environment (release 28)

* Wed Dec 30 1998 Cristian Gafton

- - build for glibc 2.1

* Wed Jun 10 1998 Prospector System

- - translations modified for de

* Wed Jun 10 1998 Jeff Johnson

- - reset SIGCHLD before grandchild execle (problem #732)

* Sat May 2 1998 Cristian Gafton

- - enhanced initscript

* Mon Apr 27 1998 Prospector System

- - translations modified for de, fr, tr

* Thu Dec 11 1997 Cristian Gafton

- - added a patch to get rid of the dangerous sprintf() calls
- - added BuildRoot and Prereq: /sbin/chkconfig

* Sun Nov 9 1997 Michael K. Johnson

- - fixed cron/crond dichotomy in init file.

* Wed Oct 29 1997 Donnie Barnes

- - fixed bad init symlinks

* Thu Oct 23 1997 Erik Troan

- - force it to use SIGCHLD instead of defunct SIGCLD

* Mon Oct 20 1997 Erik Troan

- - updated for chkconfig
- - added status, restart options to init script

* Tue Jun 17 1997 Erik Troan

- - built against glibc

* Wed Feb 19 1997 Erik Troan

- - Switch conditional from "axp" to "alpha"


- ---------------------------------------------------------------------
This update can be downloaded from:
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/3/

fbc4cd5b0250e100d7248a8918db3db2 SRPMS/vixie-cron-4.1-33_FC3.src.rpm
61dabc38f4d172c9324e1e5325967477 x86_64/vixie-cron-4.1-33_FC3.x86_64.rpm
97a09afc99217befd111ff3b6ec807d7 x86_64/debug/vixie-cron-debuginfo-4.1-33_FC3.x86_64.rpm
007fbd960d6905a8371cc30a11cbed93 i386/vixie-cron-4.1-33_FC3.i386.rpm
fa82ed54e99044febcfbaa00c8215763 i386/debug/vixie-cron-debuginfo-4.1-33_FC3.i386.rpm

This update can also be installed with the Update Agent; you can
launch the Update Agent with the 'up2date' command.
- ---------------------------------------------------------------------

- --
fedora-announce-list mailing list
fedora-announce-list@redhat.com
http://www.redhat.com/mailman/listinfo/fedora-announce-list
  • Accessibility |
  • Terms and conditions |
  • Privacy statement |
  • Data protection act |
  • Freedom of information |