Description
Security update for augeas
This update fixes an untrusted argument escaping problem (CVE-2014-8119):
- A new API, aug_escape_name(), can be used to escape untrusted inputs before using them as part of path expressions.
- aug_match() now returns properly escaped output.
Package list
SUSE Linux Enterprise Desktop 11 SP3
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Desktop 11 SP4
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server 11 SP3
augeas-0.9.0-3.17.2
augeas-lenses-0.9.0-3.17.2
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server 11 SP3-TERADATA
augeas-0.9.0-3.17.2
augeas-lenses-0.9.0-3.17.2
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server 11 SP4
augeas-0.9.0-3.17.2
augeas-lenses-0.9.0-3.17.2
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server for SAP Applications 11 SP3
augeas-0.9.0-3.17.2
augeas-lenses-0.9.0-3.17.2
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server for SAP Applications 11 SP4
augeas-0.9.0-3.17.2
augeas-lenses-0.9.0-3.17.2
libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Software Development Kit 11 SP3
augeas-devel-0.9.0-3.17.2
SUSE Linux Enterprise Software Development Kit 11 SP4
augeas-devel-0.9.0-3.17.2
References
- Link for SUSE-SU-2015:1792-1
- E-Mail link for SUSE-SU-2015:1792-1
- SUSE Security Ratings
- SUSE Bug 925225
- SUSE CVE CVE-2014-8119 page
Description
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
Affected products
SUSE Linux Enterprise Desktop 11 SP3:libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Desktop 11 SP4:libaugeas0-0.9.0-3.17.2
SUSE Linux Enterprise Server 11 SP3-TERADATA:augeas-0.9.0-3.17.2
SUSE Linux Enterprise Server 11 SP3-TERADATA:augeas-lenses-0.9.0-3.17.2
References
- CVE-2014-8119
- SUSE Bug 925225