Bug 772261 (CVE-2012-0787)
| Summary: | CVE-2012-0787 augeas: susceptible to mountpoint attack | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Vincent Danen <vdanen> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | low | Docs Contact: | |
| Priority: | low | | |
| Version: | unspecified | CC: | aortega, apevec, ayoung, bfan, chrisw, dallan, dcleal, gkotton, hbrock, iheim, leiwang, lhh, markmc, prc, rbryant, rhos-maint, sclewis, security-response-team, slong, thoger, vdanen, wshi, yeylon |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | augeas 1.0.0 | Doc Type: | Bug Fix |
| Doc Text: | | Story Points: | --- |
| Clone Of: | | Environment: | |
| Last Closed: | 2014-05-02 16:45:22 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 1005040, 1032748, 1033395, 1033396, 1033397 | | |
| Bug Blocks: | 772264, 974906 | | |
| Attachments: | | | |

Description
Vincent Danen
2012-01-06 16:04:54 UTC
Assigned CVE internally and added to alias and title.

Created attachment 572544
proposed upstream fix #1

Adding proposed patch for review.

ACK.

Committed proposed upstream fix as commit b8de6a8c

Upstream commit from 20120719:

https://git.fedorahosted.org/cgit/augeas.git/commit/?id=b8de6a8c

This was fixed in 1.0.0 according to the changelog (http://augeas.net/news.html):

* prevent cross-mountpoint attacks via .augsave during saving, RedHat bug #772261, CVE-2012-0787

(In reply to Vincent Danen from comment #15)
> Upstream commit from 20120719:
>
> https://git.fedorahosted.org/cgit/augeas.git/commit/?id=b8de6a8c

Project moved to github, matching commit link there is:

https://github.com/hercules-team/augeas/commit/b8de6a8c

This issue has been addressed in following products:

Red Hat Enterprise Linux 6

Via RHSA-2013:1537 https://rhn.redhat.com/errata/RHSA-2013-1537.html

Created augeas tracking bugs for this issue:

Affects: fedora-all [bug 1033395]
Affects: epel-4 [bug 1033396]
Affects: epel-5 [bug 1033397]