Описание
Security update for augeas
This update for augeas fixes the following issues:
Security issue fixed:
- CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171).
Список пакетов
SUSE Linux Enterprise Desktop 12 SP3
augeas-1.2.0-17.3.1
augeas-lenses-1.2.0-17.3.1
libaugeas0-1.2.0-17.3.1
SUSE Linux Enterprise Server 12 SP3
augeas-1.2.0-17.3.1
augeas-lenses-1.2.0-17.3.1
libaugeas0-1.2.0-17.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
augeas-1.2.0-17.3.1
augeas-lenses-1.2.0-17.3.1
libaugeas0-1.2.0-17.3.1
SUSE Linux Enterprise Software Development Kit 12 SP3
augeas-devel-1.2.0-17.3.1
Ссылки
- Link for SUSE-SU-2018:0650-1
- E-Mail link for SUSE-SU-2018:0650-1
- SUSE Security Ratings
- SUSE Bug 1054171
- SUSE CVE CVE-2017-7555 page
Описание
Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP3:augeas-1.2.0-17.3.1
SUSE Linux Enterprise Desktop 12 SP3:augeas-lenses-1.2.0-17.3.1
SUSE Linux Enterprise Desktop 12 SP3:libaugeas0-1.2.0-17.3.1
SUSE Linux Enterprise Server 12 SP3:augeas-1.2.0-17.3.1
Ссылки
- CVE-2017-7555
- SUSE Bug 1054171