SUSE-SU-2018:4121-1

Опубликовано: 14 дек. 2018

Источник: suse-cvrf

Описание

Security update for amanda

This update for amanda fixes the following issues:

Security issue fixed:

CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916).

Список пакетов

SUSE Linux Enterprise Server 11 SP4

amanda-2.5.2.1-188.5.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

amanda-2.5.2.1-188.5.1

Ссылки

https://www.suse.com/support/update/announcement/2018/suse-su-20184121-1/
Link for SUSE-SU-2018:4121-1
https://lists.suse.com/pipermail/sle-security-updates/2018-December/004963.html
E-Mail link for SUSE-SU-2018:4121-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1112916
SUSE Bug 1112916
https://www.suse.com/security/cve/CVE-2016-10729/
SUSE CVE CVE-2016-10729 page

Описание

An issue was discovered in Amanda 3.3.1. A user with backup privileges can trivially compromise a client installation. The "runtar" setuid root binary does not check for additional arguments supplied after --create, allowing users to manipulate commands and perform command injection as root.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:amanda-2.5.2.1-188.5.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:amanda-2.5.2.1-188.5.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-10729.html
CVE-2016-10729
https://bugzilla.suse.com/1110797
SUSE Bug 1110797
https://bugzilla.suse.com/1112916
SUSE Bug 1112916

SUSE-SU-2018:4121-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

Ссылки

Уязвимость: CVE-2016-10729

Описание

Затронутые продукты

Ссылки