Bugzilla – Bug 905736
VUL-0: CVE-2014-8737: binutils: Directory traversal vulnerability allowing random file deletion/creation
Last modified: 2016-09-08 20:23:57 UTC
Directory traversal in ar:

  $ printf '!<arch>\n%-48s%-10d`\n../file\n%-48s%-10s`\n' '//' 8 '/0' 0 > test.a
  $ ar xv test.a
  x - ../file

Report: https://sourceware.org/bugzilla/show_bug.cgi?id=17552#c4
Patch: https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=dd9b91de2149ee81d47f708e7b0bbf57da10ad42

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8737
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8737.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8737
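A pre-extraction check for the kind of archive shown above, as an added example (not part of the bug report and not binutils code): it resolves GNU "/N" long-name references against the "//" name table and lists members whose names are absolute or contain a ".." component. The function names and the rule that treats a backslash as a path separator are assumptions of this example.

```python
AR_MAGIC = b"!<arch>\n"
HDR_LEN = 60  # name[16] mtime[12] uid[6] gid[6] mode[8] size[10] fmag[2]


def member_names(data: bytes) -> list:
    """Resolve every member name, following GNU "/N" long-name references."""
    if not data.startswith(AR_MAGIC):
        raise ValueError("not an ar archive")
    names, table, pos = [], b"", len(AR_MAGIC)
    while pos + HDR_LEN <= len(data):
        hdr = data[pos:pos + HDR_LEN]
        if hdr[58:60] != b"`\n":
            raise ValueError("bad member header at offset %d" % pos)
        raw = hdr[:16].rstrip(b" ")
        size = int(hdr[48:58].strip() or b"0")
        if size < 0:
            raise ValueError("negative member size at offset %d" % pos)
        body = data[pos + HDR_LEN:pos + HDR_LEN + size]
        pos += HDR_LEN + size + (size & 1)   # members are 2-byte aligned
        if raw == b"//":                     # extended (long) name table
            table = body
            continue
        if raw in (b"/", b"/SYM64/"):        # symbol index, never extracted
            continue
        if raw[:1] == b"/" and raw[1:].isdigit():
            off = int(raw[1:])               # "/N" = byte offset into the table
            end = table.find(b"\n", off)
            raw = table[off:end if end != -1 else len(table)]
        name = raw[:-1] if raw.endswith(b"/") else raw  # drop GNU terminator
        names.append(name.decode("utf-8", "replace"))
    return names


def is_unsafe(name: str) -> bool:
    """True if extracting under this name could write outside the cwd."""
    parts = name.replace("\\", "/").split("/")  # assumption: "\" is a separator
    return not name or name.startswith(("/", "\\")) or ".." in parts


def audit(data: bytes) -> list:
    return [n for n in member_names(data) if is_unsafe(n)]


# Constructed samples: POC has the same bytes as the printf command in the report.
POC = (AR_MAGIC + b"%-48s%-10d`\n" % (b"//", 8) + b"../file\n"
       + b"%-48s%-10s`\n" % (b"/0", b"0"))
BENIGN = AR_MAGIC + b"%-16s%-32s%-10d`\n" % (b"hello.o/", b"0", 4) + b"data"

if __name__ == "__main__":
    print("flagged:", audit(POC), audit(BENIGN))
```

Running `audit()` on an untrusted archive before `ar x` shows traversal names that the short 16-byte name field alone would not reveal, because the real name lives in the long-name table.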
bugbot adjusting priority
*** Bug 912408 has been marked as a duplicate of this bug. ***
SUSE-SU-2015:0152-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902676,902677,903655,905735,905736
CVE References: CVE-2014-8484,CVE-2014-8485,CVE-2014-8501,CVE-2014-8502,CVE-2014-8503,CVE-2014-8504,CVE-2014-8737,CVE-2014-8738
Sources used:
SUSE Linux Enterprise Software Development Kit 12 (src): binutils-2.24-7.1, cross-ppc-binutils-2.24-7.1, cross-spu-binutils-2.24-7.1
SUSE Linux Enterprise Server 12 (src): binutils-2.24-7.1
SUSE Linux Enterprise Desktop 12 (src): binutils-2.24-7.1

SUSE-SU-2015:0168-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 902676,902677,903655,905735,905736
CVE References: CVE-2014-8484,CVE-2014-8485,CVE-2014-8501,CVE-2014-8502,CVE-2014-8503,CVE-2014-8504,CVE-2014-8737,CVE-2014-8738
Sources used:
SUSE Linux Enterprise Software Development Kit 11 SP3 (src): binutils-2.23.1-0.23.15, cross-ppc-binutils-2.23.1-0.23.2, cross-spu-binutils-2.23.1-0.23.2
SUSE Linux Enterprise Server 11 SP3 for VMware (src): binutils-2.23.1-0.23.15
SUSE Linux Enterprise Server 11 SP3 (src): binutils-2.23.1-0.23.15
SUSE Linux Enterprise Desktop 11 SP3 (src): binutils-2.23.1-0.23.15
all interesting ones done.
An update workflow for this issue was started. This issue was rated as moderate. Please submit fixed packages until 2015-12-30. When done, reassign the bug to security-team@suse.de. https://swamp.suse.de/webswamp/wf/62377
Guys, can SLES 11SP1 also be affected by this issue?