2014-12-20
ALT-BU-2014-3173-1
Branch sisyphus update bulletin.
Package kernel-image-ovz-el updated to version 2.6.32-alt126 for branch sisyphus in task 137014.
Closed bugs
update to 042stab094.8
Closed vulnerabilities
Published: 2014-08-20
Modified: 2024-11-21
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Severity: LOW (3.3)
References:
- http://advisories.mageia.org/MGASA-2014-0319.html
- [Bug-readline] 20140331 Readline-6.3 Official Patch 3
- openSUSE-SU-2014:1226
- [oss-security] 20140314 Insecure usage of temporary files in GNU Readline
- [oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline
- MDVSA-2014:154
- MDVSA-2015:132
- https://bugzilla.redhat.com/show_bug.cgi?id=1077023
- FEDORA-2014-7523