ALT-PU-2014-2476-1
Closed vulnerabilities
Published: 2014-08-20
Modified: 2024-11-21
CVE-2014-2524
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
Severity: LOW (3.3)
References:
- http://advisories.mageia.org/MGASA-2014-0319.html
- [Bug-readline] 20140331 Readline-6.3 Official Patch 3
- openSUSE-SU-2014:1226
- [oss-security] 20140314 Insecure usage of temporary files in GNU Readline
- [oss-security] 20140317 Re: Insecure usage of temporary files in GNU Readline
- MDVSA-2014:154
- MDVSA-2015:132
- https://bugzilla.redhat.com/show_bug.cgi?id=1077023
- FEDORA-2014-7523