932143 – (CVE-2015-4156) VUL-1: CVE-2015-4156: gnu_parallel: Further fixes to local file overwrites in 20150522

Bug 932143 (CVE-2015-4156) - VUL-1: CVE-2015-4156: gnu_parallel: Further fixes to local file overwrites in 20150522

Summary: VUL-1: CVE-2015-4156: gnu_parallel: Further fixes to local file overwrites in...

Status:	RESOLVED FIXED

Alias:	CVE-2015-4156

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P4 - Low Severity: Normal
Target Milestone:	---
Assignee:	Security Team bot
QA Contact:	Security Team bot

URL:
Whiteboard:
Keywords:

Depends on:	CVE-2015-4155
Blocks:
	Show dependency tree / graph

Clone This Bug

Reported:	2015-05-23 19:15 UTC by Andreas Stieger
Modified:	2015-06-03 08:01 UTC (History)
CC List:	1 user (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-05-23 19:15:41 UTC

The GNU Parallel 20150522 release contains two security relevant items:
http://lists.gnu.org/archive/html/parallel/2015-05/msg00024.html

> * Security: The security issue for --sshlogin + --fifo/--cat has been
> fixed. Thereby all issues with
> http://lists.gnu.org/archive/html/parallel/2015-04/msg00045.html have
> been fixed.
> 
> * Security: After further security analysis the issue fixed in
> 20150422 also fixed the problem for --tmux.

We tracked that item in bug 928664.

openSUSE only.

Comment 1 Bernhard Wiedemann 2015-05-23 21:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (932143) was mentioned in
https://build.opensuse.org/request/show/308476 Factory / gnu_parallel

Comment 2 Bernhard Wiedemann 2015-05-23 22:00:07 UTC

This is an autogenerated message for OBS integration:
This bug (932143) was mentioned in
https://build.opensuse.org/request/show/308479 13.2 / gnu_parallel
https://build.opensuse.org/request/show/308480 13.1 / gnu_parallel

Comment 3 Swamp Workflow Management 2015-05-23 22:00:13 UTC

bugbot adjusting priority

Comment 4 Andreas Stieger 2015-05-24 13:21:09 UTC

Handling update.

Comment 5 Andreas Stieger 2015-05-29 14:37:07 UTC

released

Comment 6 Swamp Workflow Management 2015-05-29 15:06:14 UTC

openSUSE-SU-2015:0968-1: An update that contains security fixes can now be installed.

Category: security (moderate)
Bug References: 932143
CVE References: 
Sources used:
openSUSE 13.2 (src):    gnu_parallel-20150522-2.6.1
openSUSE 13.1 (src):    gnu_parallel-20150522-2.6.1

Comment 7 Andreas Stieger 2015-06-03 07:58:16 UTC

CVE-2015-4155 assigned to this one