Upstream information

CVE-2014-2524 at MITRE

Description

The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores (National Vulnerability Database)

  Base Score: 3.3
  Vector: AV:L/AC:M/Au:N/C:N/I:P/A:P
  Access Vector: Local
  Access Complexity: Medium
  Authentication: None
  Confidentiality Impact: None
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entry: 868822 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • bash-lang >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Desktop 12 GA bash
SUSE Linux Enterprise Desktop 12 SP1
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • bash-lang >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA bash
SUSE Linux Enterprise Desktop 12 SP2
  • bash >= 4.3-78.39
  • bash-doc >= 4.3-78.39
  • bash-lang >= 4.3-78.39
  • libreadline6 >= 6.3-78.39
  • libreadline6-32bit >= 6.3-78.39
  • readline-doc >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA bash
SUSE Linux Enterprise Desktop 12 SP3
  • bash >= 4.3-82.1
  • bash-doc >= 4.3-82.1
  • bash-lang >= 4.3-82.1
  • libreadline6 >= 6.3-82.1
  • libreadline6-32bit >= 6.3-82.1
  • readline-doc >= 6.3-82.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA bash
SUSE Linux Enterprise Module for Basesystem 15
  • bash >= 4.4-7.14
  • bash-devel >= 4.4-7.14
  • bash-doc >= 4.4-7.14
  • bash-lang >= 4.4-7.14
  • libreadline7 >= 7.0-7.14
  • readline-devel >= 7.0-7.14
  • readline-doc >= 7.0-7.14
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA bash
SUSE Linux Enterprise Module for Development Tools 15
  • crash >= 7.2.1-1.22
  • crash-devel >= 7.2.1-1.22
  • crash-kmp-default >= 7.2.1_k4.12.14_23-1.22
Patchnames:
SUSE Linux Enterprise Module for Development Tools 15 GA crash
SUSE Linux Enterprise Server 12
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Server 12 GA bash
SUSE Linux Enterprise Server 12 SP1
  • bash >= 4.2-75.2
  • bash-doc >= 4.2-75.2
  • libreadline6 >= 6.2-75.2
  • libreadline6-32bit >= 6.2-75.2
  • readline-doc >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA bash
SUSE Linux Enterprise Server 12 SP2
  • bash >= 4.3-78.39
  • bash-doc >= 4.3-78.39
  • libreadline6 >= 6.3-78.39
  • libreadline6-32bit >= 6.3-78.39
  • readline-doc >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA bash
SUSE Linux Enterprise Server 12 SP3
  • bash >= 4.3-82.1
  • bash-doc >= 4.3-82.1
  • crash >= 7.1.8-3.9
  • crash-kmp-default >= 7.1.8_k4.4.73_5-3.9
  • libreadline6 >= 6.3-82.1
  • libreadline6-32bit >= 6.3-82.1
  • readline-doc >= 6.3-82.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA bash
SUSE Linux Enterprise Server 12 SP3 GA crash
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • bash >= 4.3-78.39
  • bash-doc >= 4.3-78.39
  • libreadline6 >= 6.3-78.39
  • readline-doc >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA bash
SUSE Linux Enterprise Software Development Kit 12
  • bash-devel >= 4.2-75.2
  • readline-devel >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA bash-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • bash-devel >= 4.2-75.2
  • readline-devel >= 6.2-75.2
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA bash-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • bash-devel >= 4.3-78.39
  • readline-devel >= 6.3-78.39
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA bash-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • bash-devel >= 4.3-82.1
  • crash-devel >= 7.1.8-3.9
  • readline-devel >= 6.3-82.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA bash-devel
SUSE Linux Enterprise Software Development Kit 12 SP3 GA crash-devel
SUSE Linux Enterprise Workstation Extension 12
  • bash-lang >= 4.2-75.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 GA bash-lang
SUSE Linux Enterprise Workstation Extension 12 SP1
  • bash-lang >= 4.2-75.2
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP1 GA bash-lang
SUSE Linux Enterprise Workstation Extension 12 SP2
  • bash-lang >= 4.3-78.39
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP2 GA bash-lang
SUSE Linux Enterprise Workstation Extension 12 SP3
  • bash-lang >= 4.3-82.1
Patchnames:
SUSE Linux Enterprise Workstation Extension 12 SP3 GA bash-lang
openSUSE 13.1
  • bash >= 4.2-68.4.1
  • bash-debuginfo >= 4.2-68.4.1
  • bash-debuginfo-32bit >= 4.2-68.4.1
  • bash-debugsource >= 4.2-68.4.1
  • bash-devel >= 4.2-68.4.1
  • bash-doc >= 4.2-68.4.1
  • bash-lang >= 4.2-68.4.1
  • bash-loadables >= 4.2-68.4.1
  • bash-loadables-debuginfo >= 4.2-68.4.1
  • libreadline6 >= 6.2-68.4.1
  • libreadline6-32bit >= 6.2-68.4.1
  • libreadline6-debuginfo >= 6.2-68.4.1
  • libreadline6-debuginfo-32bit >= 6.2-68.4.1
  • readline-devel >= 6.2-68.4.1
  • readline-devel-32bit >= 6.2-68.4.1
  • readline-doc >= 6.2-68.4.1
Patchnames:
openSUSE-2014-559
openSUSE Leap 15.0
  • bash >= 4.4-lp150.7.8
  • bash-doc >= 4.4-lp150.7.8
  • bash-lang >= 4.4-lp150.7.8
  • libreadline7 >= 7.0-lp150.7.8
  • readline-doc >= 7.0-lp150.7.8
Patchnames:
openSUSE Leap 15.0 GA bash
openSUSE Leap 42.1
  • bash >= 4.2-76.4
  • bash-doc >= 4.2-76.4
  • bash-lang >= 4.2-76.4
  • crash-kmp-default >= 7.1.3_k4.1.12_1-4.14
  • crash-kmp-xen >= 7.1.3_k4.1.12_1-4.14
  • libreadline6 >= 6.2-76.4
  • readline-devel >= 6.2-76.4
  • readline-doc >= 6.2-76.4
Patchnames:
openSUSE Leap 42.1 GA bash
openSUSE Leap 42.1 GA crash-kmp-default
openSUSE Leap 42.2
  • bash >= 4.3-79.15
  • bash-doc >= 4.3-79.15
  • bash-lang >= 4.3-79.15
  • libreadline6 >= 6.3-79.15
  • readline-devel >= 6.3-79.15
  • readline-doc >= 6.3-79.15
Patchnames:
openSUSE Leap 42.2 GA bash
openSUSE Leap 42.3
  • bash >= 4.3-82.6
  • bash-doc >= 4.3-82.6
  • bash-lang >= 4.3-82.6
  • crash-kmp-default >= 7.1.8_k4.4.76_1-1.4
  • libreadline6 >= 6.3-82.6
  • readline-devel >= 6.3-82.6
  • readline-doc >= 6.3-82.6
Patchnames:
openSUSE Leap 42.3 GA bash
openSUSE Leap 42.3 GA crash-kmp-default
openSUSE Tumbleweed
  • bash >= 4.4-92.1
  • bash-devel >= 4.4-92.1
  • bash-doc >= 4.4-92.1
  • bash-lang >= 4.4-92.1
  • bash-loadables >= 4.4-92.1
  • crash >= 7.1.5-3.51
  • crash-devel >= 7.1.5-3.51
  • crash-doc >= 7.1.5-3.51
  • crash-eppic >= 7.1.5-3.51
  • crash-gcore >= 7.1.5-3.51
  • crash-kmp-default >= 7.1.5_k4.8.13_1-3.51
  • crash-kmp-pae >= 7.1.5_k4.8.13_1-3.51
  • libreadline7 >= 7.0-92.1
  • libreadline7-32bit >= 7.0-92.1
  • readline-devel >= 7.0-92.1
  • readline-devel-32bit >= 7.0-92.1
  • readline-doc >= 7.0-92.1
Patchnames:
openSUSE Tumbleweed GA bash
openSUSE Tumbleweed GA crash