Description
Security update for busybox
The following issues are fixed by this update:
- CVE-2014-9645: do not allow / in module names to avoid loading bad modules (bnc#914660)
Package list
SUSE Linux Enterprise Desktop 12
busybox-1.21.1-3.3
SUSE Linux Enterprise Server 12
busybox-1.21.1-3.3
SUSE Linux Enterprise Server for SAP Applications 12
busybox-1.21.1-3.3
References
- Link for SUSE-SU-2015:1445-1
- E-Mail link for SUSE-SU-2015:1445-1
- SUSE Security Ratings
- SUSE Bug 914660
- SUSE CVE CVE-2014-9645 page
Description
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demonstrated by an "ifconfig /usbserial up" command or a "mount -t /snd_pcm none /" command.
Affected products
SUSE Linux Enterprise Desktop 12:busybox-1.21.1-3.3
SUSE Linux Enterprise Server 12:busybox-1.21.1-3.3
SUSE Linux Enterprise Server for SAP Applications 12:busybox-1.21.1-3.3
References
- CVE-2014-9645
- SUSE Bug 914423
- SUSE Bug 914660