openSUSE-SU-2018:2215-1

Published: 06 Aug 2018
Source: suse-cvrf

Description

Security update for rpm

This update for rpm fixes the following issues:

This security vulnerability was fixed:

  • CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)

This update was imported from the SUSE:SLE-15:Update update project.

Package list

openSUSE Leap 15.0
python-rpm-4.14.1-lp150.9.3.1
python2-rpm-4.14.1-lp150.9.3.1
python3-rpm-4.14.1-lp150.9.3.1
rpm-4.14.1-lp150.9.3.1
rpm-32bit-4.14.1-lp150.9.3.1
rpm-build-4.14.1-lp150.9.3.1
rpm-devel-4.14.1-lp150.9.3.1

Description

It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.


Affected products
openSUSE Leap 15.0:python-rpm-4.14.1-lp150.9.3.1
openSUSE Leap 15.0:python2-rpm-4.14.1-lp150.9.3.1
openSUSE Leap 15.0:python3-rpm-4.14.1-lp150.9.3.1
openSUSE Leap 15.0:rpm-32bit-4.14.1-lp150.9.3.1
