[Secure-testing-team] Bug#779591: autofs: CVE-2014-8169: privilege escalation via interpreter load path for program based automount maps
Salvatore Bonaccorso
carnil at debian.org
Mon Mar 2 19:26:01 UTC 2015
Source: autofs
Version: 5.0.8-1
Severity: important
Tags: security upstream patch
Hi,
the following vulnerability was published for autofs.
CVE-2014-8169[0]:
priv escalation via interpreter load path for program based automount maps
If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2014-8169
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1192565
Attached are the backported patches for 5.0.8, lightly tested but a
second pair of eyes to review would be welcome.
Regards,
Salvatore
-------------- next part --------------
A non-text attachment was scrubbed...
Name: autofs_5.0.8-1.1.debdiff
Type: text/x-diff
Size: 20642 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20150302/6a119fdc/attachment-0001.diff>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2014-8169-add-a-prefix-to-program-map-stdvars.patch
Type: text/x-diff
Size: 6368 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20150302/6a119fdc/attachment-0002.patch>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: CVE-2014-8169-add-config-option-to-force-use-of-program-map-stdvars.patch
Type: text/x-diff
Size: 4870 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/secure-testing-team/attachments/20150302/6a119fdc/attachment-0003.patch>
More information about the Secure-testing-team
mailing list