Description
Security update for autofs
autofs was updated to fix one security issue.
This security issue was fixed:
- CVE-2014-8169: Prevent potential privilege escalation via interpreter load path for program-based automount maps (bnc#917977).
These non-security issues were fixed:
- Don't pass the sloppy option for mounts other than nfs (bnc#901448, bnc#916203)
- Fix insserv warning at postinstall (bnc#913376)
- Fix autofs.service so that multiple options passed through sysconfig AUTOFS_OPTIONS work correctly (bnc#909472)
Package list
SUSE Linux Enterprise Desktop 12
autofs-5.0.9-8.1
SUSE Linux Enterprise Server 12
autofs-5.0.9-8.1
SUSE Linux Enterprise Server for SAP Applications 12
autofs-5.0.9-8.1
References
- Link for SUSE-SU-2015:1020-1
- E-Mail link for SUSE-SU-2015:1020-1
- SUSE Security Ratings
- SUSE Bug 901448
- SUSE Bug 909472
- SUSE Bug 913376
- SUSE Bug 916203
- SUSE Bug 917977
- SUSE CVE CVE-2014-8169 page
Description
automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory.
Affected products
SUSE Linux Enterprise Desktop 12:autofs-5.0.9-8.1
SUSE Linux Enterprise Server 12:autofs-5.0.9-8.1
SUSE Linux Enterprise Server for SAP Applications 12:autofs-5.0.9-8.1
References
- CVE-2014-8169
- SUSE Bug 917977