ALT-PU-2015-1461-1
Closed vulnerabilities
                                                                                    Published: 2015-06-02
Modified: 2025-04-12
                                                                            Modified: 2025-04-12
CVE-2015-4155
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
                                                                                        
                                                                                        
                                                                                            Severity: LOW (3.6)
                                                                                        
                                                                                        
                                                                                        
                                                                                        
                                                                                            Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
                                                                                        
                                                                                        
                                                                                    
                                                                                References:
                                                                        - http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://www.securityfocus.com/bid/74962
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://www.securityfocus.com/bid/74962
                                                                                    Published: 2015-06-02
Modified: 2025-04-12
                                                                            Modified: 2025-04-12
CVE-2015-4156
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
                                                                                        
                                                                                        
                                                                                            Severity: LOW (3.6)
                                                                                        
                                                                                        
                                                                                        
                                                                                        
                                                                                            Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P
                                                                                        
                                                                                        
                                                                                    
                                                                                References:
                                                                        - http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
- http://www.securityfocus.com/bid/74961
- http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html
- http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00090.html
- http://www.securityfocus.com/bid/74961
