Upstream information

CVE-2014-2893 at MITRE

Description

The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having low severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 1.9
Vector AV:L/AC:M/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None
SUSE Bugzilla entry: 874798 [RESOLVED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 13.1
  • libLLVM >= 3.3-6.7.1
  • libLLVM-32bit >= 3.3-6.7.1
  • libLLVM-debuginfo >= 3.3-6.7.1
  • libLLVM-debuginfo-32bit >= 3.3-6.7.1
  • libclang >= 3.3-6.7.1
  • libclang-debuginfo >= 3.3-6.7.1
  • llvm >= 3.3-6.7.1
  • llvm-clang >= 3.3-6.7.1
  • llvm-clang-debuginfo >= 3.3-6.7.1
  • llvm-clang-devel >= 3.3-6.7.1
  • llvm-debuginfo >= 3.3-6.7.1
  • llvm-debugsource >= 3.3-6.7.1
  • llvm-devel >= 3.3-6.7.1
  • llvm-devel-debuginfo >= 3.3-6.7.1
  • llvm-vim-plugins >= 3.3-6.7.1
Patchnames:
openSUSE-2015-122