5 matches found
DEBIAN-CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
CVE-2026-11837 Ansible-collection-ansible-posix: ansible.posix authorized_key: local privilege escalation via symlink-following chown
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
CVE-2026-11837
A local privilege escalation vulnerability was found in the ansible.posix authorizedkey module. The module's keyfile function uses os.chown instead of os.lchown and opens files without ONOFOLLOW when managing SSH authorized keys. An unprivileged local user can pre-stage symbolic links in their...
Symlink Race Attacks
github.com/rfjakob/gocryptfs is vulnerable to symlink race attacks. It is possible because it adopts chown instead of Lchown in creating and setting the ownership of file system and directory...
[SECURITY] New version of dump released.
The version of dump that was distributed with Debian GNU/Linux 2.1 suffers from a problem with restoring symbolic links. This has been fixed in version 0.4b9-0slink1. We recommend you upgrade your dump package immediately. This version "Uses lchown instead of chown, fixing a possible security...