Scientific Linux: SLSA-2015:0729-1 Important Setroubleshoot Update

Mar 26, 2015 •

LinuxSecurity Advisories

1 - 2 min read

Scientific Large Esm H500

Topics Covered

security advisory privilege escalation important update access violation setroubleshoot Scientific Linux

Important: setroubleshoot security update

Date: Thu, 26 Mar 2015 19:45:25 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: setroubleshoot on SL5.x, SL6.x,
 SL7.x i386/x86_64
MIME-Version: 1.0

Synopsis: Important: setroubleshoot security update
Advisory ID: SLSA-2015:0729-1
Issue Date: 2015-03-26
CVE Numbers: CVE-2015-1815
--

It was found that setroubleshoot did not sanitize file names supplied in a
shell command look-up for RPMs associated with access violation reports.
An attacker could use this flaw to escalate their privileges on the system
by supplying a specially crafted file to the underlying shell command.
(CVE-2015-1815)
--

SL5
 noarch
 setroubleshoot-2.0.5-7.el5_11.noarch.rpm
 setroubleshoot-server-2.0.5-7.el5_11.noarch.rpm
SL6
 x86_64
 setroubleshoot-3.0.47-6.el6_6.1.x86_64.rpm
 setroubleshoot-debuginfo-3.0.47-6.el6_6.1.x86_64.rpm
 setroubleshoot-server-3.0.47-6.el6_6.1.x86_64.rpm
 setroubleshoot-doc-3.0.47-6.el6_6.1.x86_64.rpm
 i386
 setroubleshoot-3.0.47-6.el6_6.1.i686.rpm
 setroubleshoot-debuginfo-3.0.47-6.el6_6.1.i686.rpm
 setroubleshoot-server-3.0.47-6.el6_6.1.i686.rpm
 setroubleshoot-doc-3.0.47-6.el6_6.1.i686.rpm
SL7
 x86_64
 setroubleshoot-3.2.17-4.1.el7_1.x86_64.rpm
 setroubleshoot-debuginfo-3.2.17-4.1.el7_1.x86_64.rpm
 setroubleshoot-server-3.2.17-4.1.el7_1.x86_64.rpm

- Scientific Linux Development Team

Powered By

Linux Security Footer

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Your message here