Описание
Security update for augeas
This update fixes an untrusted argument escaping problem (CVE-2014-8119):
- new API - aug_escape_name() - which can be used to escape untrusted inputs before using them as part of path expressions
- aug_match() is changed to return properly escaped output
Список пакетов
SUSE Linux Enterprise Desktop 12
libaugeas0-1.2.0-3.1
SUSE Linux Enterprise Server 12
augeas-1.2.0-3.1
augeas-lenses-1.2.0-3.1
libaugeas0-1.2.0-3.1
SUSE Linux Enterprise Server for SAP Applications 12
augeas-1.2.0-3.1
augeas-lenses-1.2.0-3.1
libaugeas0-1.2.0-3.1
SUSE Linux Enterprise Software Development Kit 12
augeas-devel-1.2.0-3.1
Ссылки
- Link for SUSE-SU-2015:1249-1
- E-Mail link for SUSE-SU-2015:1249-1
- SUSE Security Ratings
- SUSE Bug 925225
- SUSE CVE CVE-2014-8119 page
Описание
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libaugeas0-1.2.0-3.1
SUSE Linux Enterprise Server 12:augeas-1.2.0-3.1
SUSE Linux Enterprise Server 12:augeas-lenses-1.2.0-3.1
SUSE Linux Enterprise Server 12:libaugeas0-1.2.0-3.1
Ссылки
- CVE-2014-8119
- SUSE Bug 925225