This update for amanda fixes the following issues: Security issue fixed: - CVE-2016-10729: Fixed a local privilege escalation from amanda to root via unsafe tar command options (bsc#1112916). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4: zypper in -t patch slessp4-amanda-13911=1 - SUSE Linux Enterprise Debuginfo 11-SP4: zypper in -t patch dbgsp4-amanda-13911=1 Package List: - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64): amanda-2.5.2.1-188.5.1 - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64): amanda-debuginfo-2.5.2.1-188.5.1
#1112916
Cross- CVE-2016-10729
Affected Products:
SUSE Linux Enterprise Server 11-SP4
SUSE Linux Enterprise Debuginfo 11-SP4
https://www.suse.com/security/cve/CVE-2016-10729.html
https://bugzilla.suse.com/1112916
Get the latest Linux and open source security news straight to your inbox.