ALT-BU-2015-2425-1
Branch sisyphus update bulletin.
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-4155
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
- [parallel] 20150423 GNU Parallel Security Advisory: GNU Parallel can be tricked into overwriting a file
- [parallel] 20150522 GNU Parallel 20150522 ('Nepal') released [stable]
- 74962
Modified: 2024-11-21
CVE-2015-4156
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
- [parallel] 20150423 GNU Parallel Security Advisory: GNU Parallel can be tricked into overwriting a file
- [parallel] 20150522 GNU Parallel 20150522 ('Nepal') released [stable]
- openSUSE-SU-2015:0968
- 74961
Closed vulnerabilities
Modified: 2024-11-21
CVE-2015-0840
The dpkg-source command in Debian dpkg before 1.16.16 and 1.17.x before 1.17.25 allows remote attackers to bypass signature verification via a crafted Debian source control file (.dsc).
Modified: 2024-11-21
CVE-2017-8283
dpkg-source in dpkg 1.3.0 through 1.18.23 is able to use a non-GNU patch program and does not offer a protection mechanism for blank-indented diff hunks, which allows remote attackers to conduct directory traversal attacks via a crafted Debian source package, as demonstrated by use of dpkg-source on NetBSD.