Moderate: autofs security, bug fix and enhancement update

Date: Mon, 21 Dec 2015 23:09:51 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
From: Pat Riehecky
Subject: Security ERRATA Moderate: autofs on SL7.x x86_64
MIME-Version: 1.0
Message-ID:

Synopsis: Moderate: autofs security, bug fix and enhancement update
Advisory ID: SLSA-2015:2417-1
Issue Date: 2015-11-19
CVE Numbers: CVE-2014-8169
--

It was found that program-based automounter maps that used interpreted languages such as Python used standard environment variables to locate and load modules of those languages. A local attacker could potentially use this flaw to escalate their privileges on the system. (CVE-2014-8169)

Note: This issue has been fixed by adding the "AUTOFS_" prefix to the affected environment variables so that they are not used to subvert the system. A configuration option ("force_standard_program_map_env") to override this prefix and to use the environment variables without the prefix has been added. In addition, warnings have been added to the manual page and to the installed configuration file. Now, by default, the standard variables of the program map are provided only with the prefix added to their names.

Notably, this update fixes the following bugs:

* When the "ls *" command was run in the root of an indirect mount, autofs attempted to literally mount the wildcard character (*), causing it to be added to the negative cache. If done before a valid mount, autofs then failed on further mount attempts inside the mount point, valid or not. This has been fixed, and wildcard map entries now function in the described situation.

* When autofs encountered a syntax error consisting of a duplicate entry in a multimap entry, it reported an error and did not mount the map entry. With this update, autofs has been amended to report the problem in the log to alert the system administrator and use the last seen instance of the duplicate entry rather than fail.

* In the ldap and sss lookup modules, the map reading functions did not distinguish between the "no entry found" and "service not available" errors. Consequently, when the "service not available" response was returned from a master map read, autofs did not update the mounts. An "entry not found" return does not prevent the map update, so the ldap and sss lookup modules were updated to distinguish between these two returns and now work as expected.

In addition, this update adds the following enhancement:

* The description of the configuration parameter map_hash_table_size was missing from the autofs.conf(5) man page and its description in the configuration file comments was insufficient. A description of the parameter has been added to autofs.conf(5), and the configuration file comments have been updated.
--

SL7 x86_64
autofs-5.0.7-54.el7.x86_64.rpm
autofs-debuginfo-5.0.7-54.el7.x86_64.rpm

- Scientific Linux Development Team

A security advisory has been issued for the autofs service in Scientific Linux addressing moderate vulnerabilities that could jeopardize data and operations.

LinuxSecurity.com Team
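The note in the advisory describes the fix (the "AUTOFS_" prefix on the program-map variables) and the "force_standard_program_map_env" option that switches the prefix off again. As an added example, not code from the advisory, Scientific Linux or the autofs project, the following Python audit flags a configuration that has the override enabled and shows which variables a program-map script should consult after the fix. It assumes the "[ autofs ]" section layout and yes/no booleans of autofs.conf(5), and that the option defaults to "no" when absent; the configuration fragments and environment are constructed samples.

```python
"""Audit autofs.conf for the force_standard_program_map_env override.

Added example for this advisory; it is not code from autofs or Scientific
Linux. Assumptions: autofs.conf uses an "[ autofs ]" section with
"key = value" lines, boolean values are spelled yes/no, and the option
defaults to "no" when it is absent. The fragments below are constructed.
"""

OVERRIDE_KEY = "force_standard_program_map_env"
PREFIX = "AUTOFS_"

# Constructed sample 1: override left at its default (absent or "no").
SAFE_CONF = """\
# /etc/autofs.conf (constructed sample)
[ autofs ]
timeout = 300
browse_mode = no
# Leaving the line below commented keeps the AUTOFS_ prefix in force.
# force_standard_program_map_env = no
"""

# Constructed sample 2: an administrator has re-enabled the unprefixed names.
WEAK_CONF = """\
# /etc/autofs.conf (constructed sample)
[ autofs ]
timeout = 300
force_standard_program_map_env = yes
"""


def parse_autofs_conf(text):
    """Minimal parser returning {section: {key: value}} with keys lower-cased.

    Comment (#) and blank lines are ignored; the spaces autofs.conf puts
    inside section headers ("[ autofs ]") are stripped from the name.
    """
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip().lower()
            sections.setdefault(current, {})
            continue
        if "=" in line and current is not None:
            key, _, value = line.partition("=")
            sections[current][key.strip().lower()] = value.strip()
    return sections


def override_enabled(text):
    """True if the config turns the unprefixed program-map variables back on."""
    value = parse_autofs_conf(text).get("autofs", {}).get(OVERRIDE_KEY, "no")
    # yes/true/1 treated as enabled; the exact accepted spellings are assumed.
    return value.strip().lower() in ("yes", "true", "1")


def audit_autofs_conf(text):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if override_enabled(text):
        findings.append(
            f"{OVERRIDE_KEY} is enabled: program maps receive the standard "
            "variables without the AUTOFS_ prefix, reintroducing the "
            "CVE-2014-8169 exposure this update removed"
        )
    return findings


def program_map_stdvars(environ):
    """The variables a program-map script should consult after the fix:
    only the AUTOFS_-prefixed ones, returned with the prefix stripped.
    Unprefixed names in the environment are ignored rather than trusted."""
    return {
        name[len(PREFIX):]: value
        for name, value in environ.items()
        if name.startswith(PREFIX) and len(name) > len(PREFIX)
    }


if __name__ == "__main__":
    for label, conf in (("safe", SAFE_CONF), ("weak", WEAK_CONF)):
        print(label, audit_autofs_conf(conf) or ["no findings"])
    # Constructed environment as a program map might observe it.
    env = {"AUTOFS_USER": "alice", "USER": "root", "PATH": "/usr/bin"}
    print(program_map_stdvars(env))
```

Run it against the real /etc/autofs.conf by passing the file's contents to audit_autofs_conf(); a non-empty result on an SL7 host means the override has undone the prefix the update introduced and deserves a review of every program map the host uses.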
Updated package.

---------------------------------------------------------------------
Fedora Update Notification
FEDORA-2006-621
2006-06-11
---------------------------------------------------------------------

Product     : Fedora Core 5
Name        : autofs
Version     : 4.1.4
Release     : 25
Summary     : A tool for automatically mounting and unmounting filesystems.
Description :
autofs is a daemon which automatically mounts filesystems when you use them, and unmounts them later when you are not using them. This can include network filesystems, CD-ROMs, floppies, and so forth.

---------------------------------------------------------------------
* Tue May 30 2006 Ian Kent - 1:4.1.4-25
- add patch to fix white space handling in get_best_mount function (bz #163999).

* Thu May 4 2006 Ian Kent - 1:4.1.4-22
- add patch to use "cifs" instead of smbfs and escape spaces in share names (bz #163999, #187732).
---------------------------------------------------------------------
This update can be downloaded from:

12277b9a9ebe3904b6bb22f79fb0e36988ca86a0  SRPMS/autofs-4.1.4-25.src.rpm
12277b9a9ebe3904b6bb22f79fb0e36988ca86a0  noarch/autofs-4.1.4-25.src.rpm
e66b216d42dd0b028731baba5a8728024bc2676f  ppc/autofs-4.1.4-25.ppc.rpm
490d35ce81f9e39078478365a0583a19913bb8fc  ppc/debug/autofs-debuginfo-4.1.4-25.ppc.rpm
737adbe611786d87cc5ff7029fbb6951551c834b  x86_64/autofs-4.1.4-25.x86_64.rpm
64ba496a5c441c9775fa56f1e2800075e29c044b  x86_64/debug/autofs-debuginfo-4.1.4-25.x86_64.rpm
8b5e96c6ac6bd5ba8927a68a7503b989b0aef7e5  i386/autofs-4.1.4-25.i386.rpm
e49785d171231662207cbd32d642dfe766494133  i386/debug/autofs-debuginfo-4.1.4-25.i386.rpm

This update can be installed with the 'yum' update program. Use 'yum update package-name' at the command line. For more information, refer to 'Managing Software with yum,' available at .
---------------------------------------------------------------------
_______________________________________________
Fedora-package-announce mailinglist