Bug 1186764 (CVE-2015-1396) - CVE-2015-1396 patch: directory traversal via symlinks (incomplete fix for CVE-2015-1196)
Summary: CVE-2015-1396 patch: directory traversal via symlinks (incomplete fix for CVE...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2015-1396
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1182159
TreeView+ depends on / blocked
 
Reported: 2015-01-28 13:51 UTC by Vasyl Kaigorodov
Modified: 2019-09-29 13:27 UTC (History)
3 users (show)

Fixed In Version: patch 2.7.4
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-07-31 04:45:39 UTC


Attachments (Terms of Use)

Description Vasyl Kaigorodov 2015-01-28 13:51:39 UTC
It was reported [1] that the fix for CVE-2015-1196 [2] was incomplete.

[1] https://bugs.debian.org/775901
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1182154

Comment 1 Tim Waugh 2015-01-28 17:34:55 UTC
This was fixed in patch-2.7.3.

Comment 2 Tim Waugh 2015-02-03 15:32:14 UTC
Sorry, I mean 2.7.4.

Comment 3 Vincent Danen 2015-07-31 04:45:39 UTC
Given we have not fixed CVE-2015-1196, we're not affected by this issue.


Note You need to log in before you can comment on or make changes to this bug.