Explore top 10 tips to secure your open-source projects now. Read More
×
Date: Thu, 26 Mar 2015 19:45:25 +0000 Reply-To: scientific-linux-users@ Sender: Security Errata for Scientific LinuxFrom: Pat Riehecky Subject: Security ERRATA Important: setroubleshoot on SL5.x, SL6.x, SL7.x i386/x86_64 MIME-Version: 1.0 Synopsis: Important: setroubleshoot security update Advisory ID: SLSA-2015:0729-1 Issue Date: 2015-03-26 CVE Numbers: CVE-2015-1815 -- It was found that setroubleshoot did not sanitize file names supplied in a shell command look-up for RPMs associated with access violation reports. An attacker could use this flaw to escalate their privileges on the system by supplying a specially crafted file to the underlying shell command. (CVE-2015-1815) -- SL5 noarch setroubleshoot-2.0.5-7.el5_11.noarch.rpm setroubleshoot-server-2.0.5-7.el5_11.noarch.rpm SL6 x86_64 setroubleshoot-3.0.47-6.el6_6.1.x86_64.rpm setroubleshoot-debuginfo-3.0.47-6.el6_6.1.x86_64.rpm setroubleshoot-server-3.0.47-6.el6_6.1.x86_64.rpm setroubleshoot-doc-3.0.47-6.el6_6.1.x86_64.rpm i386 setroubleshoot-3.0.47-6.el6_6.1.i686.rpm setroubleshoot-debuginfo-3.0.47-6.el6_6.1.i686.rpm setroubleshoot-server-3.0.47-6.el6_6.1.i686.rpm setroubleshoot-doc-3.0.47-6.el6_6.1.i686.rpm SL7 x86_64 setroubleshoot-3.2.17-4.1.el7_1.x86_64.rpm setroubleshoot-debuginfo-3.2.17-4.1.el7_1.x86_64.rpm setroubleshoot-server-3.2.17-4.1.el7_1.x86_64.rpm - Scientific Linux Development Team