Ausführen beliebiger Kommandos in audit daemon
ID: | FEDORA-2015-13526 |
Distribution: | Fedora |
Plattformen: | Fedora 22 |
Datum: | Mi, 19. August 2015, 10:41 |
Referenzen: | http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5186 |
Applikationen: | audit daemon |
Originalnachricht |
|
Name : audit Product : Fedora 22 Version : 2.4.4 Release : 1.fc22 URL : http://people.redhat.com/sgrubb/audit/ Summary : User space tools for 2.6 kernel auditing Description : The audit package contains the user space utilities for storing and searching the audit records generate by the audit subsystem in the Linux 2.6 kernel. -------------------------------------------------------------------------------- Update Information: This update fixes CVE-2015-5186. The issue is that ausearch/report did not escape terminal emulator sequences when interpreting untrusted data. -------------------------------------------------------------------------------- ChangeLog: * Thu Aug 13 2015 Steve Grubb |