Upstream information

CVE-2009-0035 at MITRE

Description

alsa-utils 1.0.19 and later versions allows local users to overwrite arbitrary files via a symlink attack via the /usr/bin/alsa-info and /usr/bin/alsa-info.sh scripts.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

SUSE Bugzilla entry: 533396 [VERIFIED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
  • alsa >= 1.0.27.2-15.1
  • libasound2 >= 1.0.27.2-15.1
  • libasound2-32bit >= 1.0.27.2-15.1
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
  • alsa >= 1.0.27.2-11.10
  • libasound2 >= 1.0.27.2-11.10
  • libasound2-32bit >= 1.0.27.2-11.10
SUSE Linux Enterprise High Performance Computing 12 SP5
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 12 SP5
  • alsa >= 1.0.27.2-15.1
  • alsa-docs >= 1.0.27.2-15.1
  • libasound2 >= 1.0.27.2-15.1
  • libasound2-32bit >= 1.0.27.2-15.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
  • alsa >= 1.1.5-6.6.1
  • alsa-devel >= 1.1.5-6.6.1
  • libasound2 >= 1.1.5-6.6.1
  • libasound2-32bit >= 1.1.5-6.6.1
SUSE Linux Enterprise Module for Basesystem 15
  • alsa >= 1.1.5-4.22
  • alsa-devel >= 1.1.5-4.22
  • libasound2 >= 1.1.5-4.22
  • libasound2-32bit >= 1.1.5-4.22
SUSE Linux Enterprise Server 12 SP1
  • alsa >= 1.0.27.2-11.10
  • alsa-docs >= 1.0.27.2-11.10
  • libasound2 >= 1.0.27.2-11.10
  • libasound2-32bit >= 1.0.27.2-11.10
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP2
  • alsa >= 1.0.27.2-11.4
  • alsa-docs >= 1.0.27.2-11.4
  • libasound2 >= 1.0.27.2-11.4
  • libasound2-32bit >= 1.0.27.2-11.10
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • alsa >= 1.0.27.2-11.4
  • alsa-docs >= 1.0.27.2-11.4
  • libasound2 >= 1.0.27.2-11.4
SUSE Linux Enterprise Software Development Kit 12 SP2
  • alsa-devel >= 1.0.27.2-11.4
SUSE Linux Enterprise Software Development Kit 12 SP3
SUSE Linux Enterprise Software Development Kit 12 SP4
SUSE Linux Enterprise Software Development Kit 12 SP5
  • alsa-devel >= 1.0.27.2-15.1
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Software Development Kit 12 SP1
  • alsa-devel >= 1.0.27.2-11.10
openSUSE Leap 15.0
  • alsa >= 1.1.5-lp150.4.3
  • libasound2 >= 1.1.5-lp150.4.3
  • libasound2-32bit >= 1.1.5-lp150.4.3
Patchnames:
openSUSE Leap 15.0 GA alsa
openSUSE Leap 42.1
  • alsa >= 1.0.29-8.1
  • alsa-devel >= 1.0.29-8.1
  • libasound2 >= 1.0.29-8.1
  • libasound2-32bit >= 1.0.29-8.1
Patchnames:
openSUSE Leap 42.1 GA alsa
openSUSE Leap 42.2
  • alsa >= 1.1.2-1.2
  • alsa-devel >= 1.1.2-1.2
  • libasound2 >= 1.1.2-1.2
  • libasound2-32bit >= 1.1.2-1.2
Patchnames:
openSUSE Leap 42.2 GA alsa
openSUSE Leap 42.3
  • alsa >= 1.1.4.1-1.1
  • alsa-devel >= 1.1.4.1-1.1
  • libasound2 >= 1.1.4.1-1.1
  • libasound2-32bit >= 1.1.4.1-1.1
Patchnames:
openSUSE Leap 42.3 GA alsa
openSUSE Tumbleweed
  • alsa >= 1.1.2-2.1
  • alsa-devel >= 1.1.2-2.1
  • alsa-devel-32bit >= 1.1.2-2.1
  • alsa-docs >= 1.1.2-2.1
  • libasound2 >= 1.1.2-2.1
  • libasound2-32bit >= 1.1.2-2.1
Patchnames:
openSUSE Tumbleweed GA alsa