Bug 1280543 (CVE-2015-7543)
Summary: | CVE-2015-7543 arts,kdelibs3: Use of mktemp(3) allows attacker to hijack the IPC | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Yaakov Selkowitz <yselkowi> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED WONTFIX | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | kevin, security-response-team |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2015-12-08 05:44:49 UTC | Type: | Bug |
Bug Depends On: | 1289236, 1289238, 1289235, 1289237 | ||
Bug Blocks: | 1281443 |
Description
Yaakov Selkowitz
2015-11-12 03:06:51 UTC
Created kdelibs3 tracking bugs for this issue:
Affects: fedora-all [bug 1289235]
Affects: epel-7 [bug 1289236]

Created arts tracking bugs for this issue:
Affects: fedora-all [bug 1289237]
Affects: epel-7 [bug 1289238]

Yes, that patch (fairly trivial at that) should fix it, let's apply it ASAP.

For the sake of public disclosure, TDE arts and tdelibs, being forks of the above (and unchanged wrt this particular code), are similarly affected. Neither are currently in Fedora. I have filed this with upstream TDE: https://bugs.trinitydesktop.org/show_bug.cgi?id=2556

For anybody reading this, the WONTFIX is only for RHEL, I am fixing this in Fedora, see the Fedora trackers (arts: bug #1289237, kdelibs3: bug #1289235).

arts fix: http://pkgs.fedoraproject.org/cgit/arts.git/plain/arts-1.5.10-CVE-2015-7543.patch
kdelibs3 fix: http://pkgs.fedoraproject.org/cgit/kdelibs3.git/plain/kdelibs-3.5.10-CVE-2015-7543.patch

kdelibs3-3.5.10-71.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

arts-1.5.10-30.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

kdelibs3-3.5.10-71.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

arts-1.5.10-30.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.