Описание
Security update for supportutils
supportutils was updated to fix one security issue.
This security issue was fixed:
- CVE-2016-1602: Code injection and privilege escalation via unescaped filenames (bsc#980670).
Список пакетов
SUSE Linux Enterprise Server 11 SP4
supportutils-1.20-121.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
supportutils-1.20-121.1
Ссылки
- Link for SUSE-SU-2016:1514-1
- E-Mail link for SUSE-SU-2016:1514-1
- SUSE Security Ratings
- SUSE Bug 980670
- SUSE CVE CVE-2016-1602 page
Описание
A code injection in the supportconfig data collection tool in supportutils in SUSE Linux Enterprise Server 12 and 12-SP1 and SUSE Linux Enterprise Desktop 12 and 12-SP1 could be used by local attackers to execute code as the user running supportconfig (usually root).
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:supportutils-1.20-121.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:supportutils-1.20-121.1
Ссылки
- CVE-2016-1602
- SUSE Bug 1063385
- SUSE Bug 980670