Описание
Security update for libvdpau
libvdpau was updated to use secure_getenv() instead of getenv() for several variables so it can be more safely used in setuid applications.
- CVE-2015-5198: libvdpau: incorrect check for security transition (bnc#943967)
- CVE-2015-5199: libvdpau: directory traversal in dlopen (bnc#943968)
- CVE-2015-5200: libvdpau: vulnerability in trace functionality (bnc#943969)
Список пакетов
SUSE Linux Enterprise Desktop 12
libvdpau1-0.8-3.1
libvdpau1-32bit-0.8-3.1
SUSE Linux Enterprise Server 12
libvdpau1-0.8-3.1
SUSE Linux Enterprise Server for SAP Applications 12
libvdpau1-0.8-3.1
SUSE Linux Enterprise Software Development Kit 12
libvdpau-devel-0.8-3.1
SUSE Linux Enterprise Workstation Extension 12
libvdpau1-32bit-0.8-3.1
Ссылки
- Link for SUSE-SU-2015:1892-1
- E-Mail link for SUSE-SU-2015:1892-1
- SUSE Security Ratings
- SUSE Bug 943967
- SUSE Bug 943968
- SUSE Bug 943969
- SUSE CVE CVE-2015-5198 page
- SUSE CVE CVE-2015-5199 page
- SUSE CVE CVE-2015-5200 page
Описание
libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to gain privileges via unspecified vectors, related to the VDPAU_DRIVER_PATH environment variable.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Desktop 12:libvdpau1-32bit-0.8-3.1
SUSE Linux Enterprise Server 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Server for SAP Applications 12:libvdpau1-0.8-3.1
Ссылки
- CVE-2015-5198
- SUSE Bug 943967
Описание
Directory traversal vulnerability in dlopen in libvdpau before 1.1.1 allows local users to gain privileges via the VDPAU_DRIVER environment variable.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Desktop 12:libvdpau1-32bit-0.8-3.1
SUSE Linux Enterprise Server 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Server for SAP Applications 12:libvdpau1-0.8-3.1
Ссылки
- CVE-2015-5199
- SUSE Bug 943968
Описание
The trace functionality in libvdpau before 1.1.1, when used in a setuid or setgid application, allows local users to write to arbitrary files via unspecified vectors.
Затронутые продукты
SUSE Linux Enterprise Desktop 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Desktop 12:libvdpau1-32bit-0.8-3.1
SUSE Linux Enterprise Server 12:libvdpau1-0.8-3.1
SUSE Linux Enterprise Server for SAP Applications 12:libvdpau1-0.8-3.1
Ссылки
- CVE-2015-5200
- SUSE Bug 943969