etc-update in Portage before 2.1.3.11 on Gentoo Linux...
Low severity
Unreviewed
Published
May 1, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Dec 15, 2007
Published to the GitHub Advisory Database
May 1, 2022
Last updated
Jan 31, 2023
etc-update in Portage before 2.1.3.11 on Gentoo Linux relies on the umask to set permissions for the merge file, often resulting in permissions weaker than those of the original files, which might allow local users to obtain sensitive information by reading the merge file.
References