CVE-2006-1319

NameCVE-2006-1319
Descriptionchpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs356016

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
runit (PTS)buster2.1.2-25fixed
bullseye2.1.2-41fixed
bookworm2.1.2-54fixed
trixie, sid2.1.2-59fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
runitsourcesarge(not affected)
runitsource(unstable)1.4.1-1medium356016
Search for package or bug name: Reporting problems