SUSE-SU-2015:0434-1

Опубликовано: 18 фев. 2015

Источник: suse-cvrf

Описание

Security update for elfutils

elfutils has been updated to fix one security issue:

* CVE-2014-9447: Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allowed remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program (bnc#911662).

Security Issues:

* CVE-2014-9447 <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447>

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3

elfutils-0.152-4.9.17

libasm1-0.152-4.9.17

libdw1-0.152-4.9.17

libdw1-32bit-0.152-4.9.17

libebl1-0.152-4.9.17

libebl1-32bit-0.152-4.9.17

libelf1-0.152-4.9.17

libelf1-32bit-0.152-4.9.17

SUSE Linux Enterprise Server 11 SP3

elfutils-0.152-4.9.17

libasm1-0.152-4.9.17

libasm1-32bit-0.152-4.9.17

libdw1-0.152-4.9.17

libdw1-32bit-0.152-4.9.17

libdw1-x86-0.152-4.9.17

libebl1-0.152-4.9.17

libebl1-32bit-0.152-4.9.17

libebl1-x86-0.152-4.9.17

libelf1-0.152-4.9.17

libelf1-32bit-0.152-4.9.17

libelf1-x86-0.152-4.9.17

SUSE Linux Enterprise Server 11 SP3-TERADATA

elfutils-0.152-4.9.17

libasm1-0.152-4.9.17

libasm1-32bit-0.152-4.9.17

libdw1-0.152-4.9.17

libdw1-32bit-0.152-4.9.17

libdw1-x86-0.152-4.9.17

libebl1-0.152-4.9.17

libebl1-32bit-0.152-4.9.17

libebl1-x86-0.152-4.9.17

libelf1-0.152-4.9.17

libelf1-32bit-0.152-4.9.17

libelf1-x86-0.152-4.9.17

SUSE Linux Enterprise Server for SAP Applications 11 SP3

elfutils-0.152-4.9.17

libasm1-0.152-4.9.17

libasm1-32bit-0.152-4.9.17

libdw1-0.152-4.9.17

libdw1-32bit-0.152-4.9.17

libdw1-x86-0.152-4.9.17

libebl1-0.152-4.9.17

libebl1-32bit-0.152-4.9.17

libebl1-x86-0.152-4.9.17

libelf1-0.152-4.9.17

libelf1-32bit-0.152-4.9.17

libelf1-x86-0.152-4.9.17

SUSE Linux Enterprise Software Development Kit 11 SP3

libasm-devel-0.152-4.9.17

libdw-devel-0.152-4.9.17

libebl-devel-0.152-4.9.17

libelf-devel-0.152-4.9.17

libelf1-32bit-0.152-4.9.17

Ссылки

https://www.suse.com/support/update/announcement/2015/suse-su-20150434-1/
Link for SUSE-SU-2015:0434-1
https://lists.suse.com/pipermail/sle-security-updates/2015-March/001269.html
E-Mail link for SUSE-SU-2015:0434-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/911662
SUSE Bug 911662
https://www.suse.com/security/cve/CVE-2014-9447/
SUSE CVE CVE-2014-9447 page

Описание

Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash) in a crafted archive, as demonstrated using the ar program.

Затронутые продукты

SUSE Linux Enterprise Desktop 11 SP3:elfutils-0.152-4.9.17

SUSE Linux Enterprise Desktop 11 SP3:libasm1-0.152-4.9.17

SUSE Linux Enterprise Desktop 11 SP3:libdw1-0.152-4.9.17

SUSE Linux Enterprise Desktop 11 SP3:libdw1-32bit-0.152-4.9.17

Ссылки

https://www.suse.com/security/cve/CVE-2014-9447.html
CVE-2014-9447
https://bugzilla.suse.com/911662
SUSE Bug 911662
https://bugzilla.suse.com/912408
SUSE Bug 912408

SUSE-SU-2015:0434-1

Описание

Список пакетов

SUSE Linux Enterprise Desktop 11 SP3

SUSE Linux Enterprise Server 11 SP3

SUSE Linux Enterprise Server 11 SP3-TERADATA

SUSE Linux Enterprise Server for SAP Applications 11 SP3

SUSE Linux Enterprise Software Development Kit 11 SP3

Ссылки

Уязвимость: CVE-2014-9447

Описание

Затронутые продукты

Ссылки