Bug 1178888 (CVE-2014-9447) - CVE-2014-9447 elfutils: directory traversal in read_long_names()
Summary: CVE-2014-9447 elfutils: directory traversal in read_long_names()
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2014-9447
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1181525
Blocks: 1171146
TreeView+ depends on / blocked
 
Reported: 2015-01-05 15:26 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:26 UTC (History)
17 users (show)

Fixed In Version: elfutils 0.162
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-06-30 11:52:04 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-01-05 15:26:15 UTC
Directory traversal vulnerability was reported in elfutils [1] 'ar' utility.
Upstream commit with the analysis:
https://git.fedorahosted.org/cgit/elfutils.git/commit/?id=147018e729e7c22eeabf15b82d26e4bf68a0d18e

[1]: https://lists.fedorahosted.org/pipermail/elfutils-devel/2014-December/004499.html

Comment 1 Florian Weimer 2015-01-13 10:44:41 UTC
Created elfutils tracking bugs for this issue:

Affects: fedora-all [bug 1181525]

Comment 2 Fedora Update System 2015-01-19 01:35:27 UTC
elfutils-0.161-2.fc21 has been pushed to the Fedora 21 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2015-01-20 20:59:37 UTC
elfutils-0.161-2.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 5 Stefan Cornelius 2017-06-30 11:52:04 UTC
Fixed in RHEL6 via RHEA-2015:1302.

Fixed in RHEL7 via RHEA-2015:2126.


Note You need to log in before you can comment on or make changes to this bug.