Secunia Security Advisory - SUSE has issued an update for yast2-backup. This fixes a security issue, which can be exploited by malicious, local users to gain escalated privileges.
----------------------------------------------------------------------
TITLE:
SUSE update for yast2-backup
SECUNIA ADVISORY ID:
SA32832
VERIFY ADVISORY:
http://secunia.com/advisories/32832/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
OPERATING SYSTEM:
openSUSE 10.2
http://secunia.com/advisories/product/13375/
openSUSE 10.3
http://secunia.com/advisories/product/16124/
openSUSE 11.0
http://secunia.com/advisories/product/19180/
SuSE Linux Enterprise Server 8
http://secunia.com/advisories/product/1171/
SUSE Linux Enterprise Server 9
http://secunia.com/advisories/product/4118/
SUSE Linux Enterprise Server 10
http://secunia.com/advisories/product/12192/
SOFTWARE:
Novell Open Enterprise Server 1.x
http://secunia.com/advisories/product/4664/
DESCRIPTION:
SUSE has issued an update for yast2-backup. This fixes a security
issue, which can be exploited by malicious, local users to gain
escalated privileges.
The security issue is caused by yast2-backup not properly
sanitising filenames, which can be exploited to inject arbitrary
shell commands via specially crafted filenames.
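As an added illustration (not code from yast2-backup, SUSE or Secunia), the general flaw class described above, a filename pasted into a shell command string, is shown next to two hardened forms and a filename check. The printf stand-in for the archiver, the function names and the sample filenames are assumptions constructed for this example.

```python
import re
import shlex
import subprocess

# Assumption: printf stands in for the archiver a backup tool would invoke.
# It prints each argument it receives on its own line and writes nothing.
ARCHIVER = "printf '%s\\n'"

# Conservative allowlist for file names; a leading "-" is excluded because
# a command could read it as an option.
SAFE_NAME = re.compile(r"[\w@%+=:,./][\w@%+=:,./-]*", re.ASCII)


def _sh(*argv):
    """Run sh with the given arguments and return its standard output."""
    return subprocess.run(["sh", *argv], capture_output=True, text=True).stdout


def run_unsafe(filename):
    """Vulnerable pattern: the name is pasted into the command string."""
    return _sh("-c", ARCHIVER + " " + filename)


def run_quoted(filename):
    """Hardened: the name is quoted before the shell parses the string."""
    return _sh("-c", ARCHIVER + " " + shlex.quote(filename))


def run_positional(filename):
    """Hardened: the name travels as $1 and is never parsed as shell code."""
    return _sh("-c", ARCHIVER + ' "$1"', "sh", filename)


def flag_risky(filenames):
    """Return the names that fall outside the allowlist, for manual review."""
    return [n for n in filenames if not SAFE_NAME.fullmatch(n)]


if __name__ == "__main__":
    # Constructed sample names; the second carries a harmless echo command.
    names = ["notes.txt", "report; echo INJECTED", "-rf"]
    for name in names[:2]:
        for fn in (run_unsafe, run_quoted, run_positional):
            print(fn.__name__, repr(name), "->", repr(fn(name)))
    print("flagged:", flag_risky(names))
```

In the unsafe form the shell runs the text after the semicolon as a second command; in both hardened forms the whole name reaches the archiver as a single argument.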
SOLUTION:
Apply updated packages.
Platform Independent:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/noarch/yast2-backup-2.16.6-0.1.noarch.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/noarch/yast2-backup-2.15.7-0.1.noarch.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/noarch/yast2-backup-2.14.2-0.1.noarch.rpm
Sources:
openSUSE 11.0:
http://download.opensuse.org/pub/opensuse/update/11.0/rpm/src/yast2-backup-2.16.6-0.1.src.rpm
openSUSE 10.3:
http://download.opensuse.org/pub/opensuse/update/10.3/rpm/src/yast2-backup-2.15.7-0.1.src.rpm
openSUSE 10.2:
ftp://ftp.suse.com/pub/suse/update/10.2/rpm/src/yast2-backup-2.14.2-0.1.src.rpm
Open Enterprise Server
http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe
Novell Linux POS 9
http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe
Novell Linux Desktop 9
http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe
SUSE SLES 9
http://download.novell.com/index.jsp?search=Search&keywords=9b5088ff155f0ef71eeac627566a4ebe
SuSE Linux Enterprise Server 8
http://download.novell.com/index.jsp?search=Search&keywords=83466dc61c7874dbb83c7035c8f3fed2
SUSE Linux Enterprise Server 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=873b8cb0771c68aded76518d4b12c766
SUSE Linux Enterprise Desktop 10 SP1
http://download.novell.com/index.jsp?search=Search&keywords=873b8cb0771c68aded76518d4b12c766
SUSE Linux Enterprise Server 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=388de739f171e7e9754618a1fee7894e
SUSE Linux Enterprise Desktop 10 SP2
http://download.novell.com/index.jsp?search=Search&keywords=388de739f171e7e9754618a1fee7894e
PROVIDED AND/OR DISCOVERED BY:
Reported by the vendor.
ORIGINAL ADVISORY:
SUSE-SA:2008:054
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html