Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2015:0292-1

Опубликовано: 30 янв. 2015
Источник: suse-cvrf

Описание

Security update for elfutils

elfutils was updated to fix one security issue.

This security issue was fixed:

  • Directory traversal vulnerability in the read_long_names function (CVE-2014-9447).

Список пакетов

SUSE Linux Enterprise Desktop 12
elfutils-0.158-6.1
libasm1-0.158-6.1
libdw1-0.158-6.1
libdw1-32bit-0.158-6.1
libebl1-0.158-6.1
libebl1-32bit-0.158-6.1
libelf1-0.158-6.1
libelf1-32bit-0.158-6.1
SUSE Linux Enterprise Server 12
elfutils-0.158-6.1
libasm1-0.158-6.1
libasm1-32bit-0.158-6.1
libdw1-0.158-6.1
libdw1-32bit-0.158-6.1
libebl1-0.158-6.1
libebl1-32bit-0.158-6.1
libelf1-0.158-6.1
libelf1-32bit-0.158-6.1
SUSE Linux Enterprise Server for SAP Applications 12
elfutils-0.158-6.1
libasm1-0.158-6.1
libasm1-32bit-0.158-6.1
libdw1-0.158-6.1
libdw1-32bit-0.158-6.1
libebl1-0.158-6.1
libebl1-32bit-0.158-6.1
libelf1-0.158-6.1
libelf1-32bit-0.158-6.1
SUSE Linux Enterprise Software Development Kit 12
libasm-devel-0.158-6.1
libdw-devel-0.158-6.1
libebl-devel-0.158-6.1
libelf-devel-0.158-6.1

Ссылки

Описание

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Затронутые продукты
SUSE Linux Enterprise Desktop 12:elfutils-0.158-6.1
SUSE Linux Enterprise Desktop 12:libasm1-0.158-6.1
SUSE Linux Enterprise Desktop 12:libdw1-0.158-6.1
SUSE Linux Enterprise Desktop 12:libdw1-32bit-0.158-6.1
Ссылки