Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2018:0653-1

Опубликовано: 09 мар. 2018
Источник: suse-cvrf

Описание

Security update for augeas

This update for augeas fixes the following issues:

Security issues fixed:

  • CVE-2017-7555: Fix a memory corruption bug could have lead to arbitrary code execution by passing crafted strings that would be mis-handled by parse_name() (bsc#1054171).
  • CVE-2014-8119: Fix improper handling of escaped strings leading to memory corruption (bsc#925225).

Список пакетов

SUSE Linux Enterprise Server 11 SP4
augeas-0.9.0-3.21.3.1
augeas-lenses-0.9.0-3.21.3.1
libaugeas0-0.9.0-3.21.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
augeas-0.9.0-3.21.3.1
augeas-lenses-0.9.0-3.21.3.1
libaugeas0-0.9.0-3.21.3.1
SUSE Linux Enterprise Software Development Kit 11 SP4
augeas-devel-0.9.0-3.21.3.1

Ссылки

Описание

The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:augeas-0.9.0-3.21.3.1
SUSE Linux Enterprise Server 11 SP4:augeas-lenses-0.9.0-3.21.3.1
SUSE Linux Enterprise Server 11 SP4:libaugeas0-0.9.0-3.21.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:augeas-0.9.0-3.21.3.1
Ссылки

Описание

Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution.

Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:augeas-0.9.0-3.21.3.1
SUSE Linux Enterprise Server 11 SP4:augeas-lenses-0.9.0-3.21.3.1
SUSE Linux Enterprise Server 11 SP4:libaugeas0-0.9.0-3.21.3.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:augeas-0.9.0-3.21.3.1
Ссылки