Описание
Security update for apport
This update for apport fixes the following issues:
Security issue fixed:
- CVE-2015-1338: Insecurely created crash dumps could lead to a DoS or privilege escalation through malicious symlinks. (bsc#947731)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
apport-0.114-12.8.3.1
apport-crashdb-sle-0.114-0.8.3.1
apport-gtk-0.114-12.8.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
apport-0.114-12.8.3.1
apport-crashdb-sle-0.114-0.8.3.1
apport-gtk-0.114-12.8.3.1
Ссылки
- Link for SUSE-SU-2017:1938-1
- E-Mail link for SUSE-SU-2017:1938-1
- SUSE Security Ratings
- SUSE Bug 947731
- SUSE CVE CVE-2015-1338 page
Описание
kernel_crashdump in Apport before 2.19 allows local users to cause a denial of service (disk consumption) or possibly gain privileges via a (1) symlink or (2) hard link attack on /var/crash/vmcore.log.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:apport-0.114-12.8.3.1
SUSE Linux Enterprise Server 11 SP4:apport-crashdb-sle-0.114-0.8.3.1
SUSE Linux Enterprise Server 11 SP4:apport-gtk-0.114-12.8.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:apport-0.114-12.8.3.1
Ссылки
- CVE-2015-1338
- SUSE Bug 1049352
- SUSE Bug 947731
- SUSE Bug 952246