Bugzilla – Bug 943105
VUL-1: CVE-2015-5228,CVE-2015-5231: criu: arbitrary file creation and chown
Last modified: 2015-09-24 15:42:18 UTC
According to the oss-sec posting there is an ongoing hardening-process for this package. Since we seem to only have this in Factory, there is no update necessary. However we should take care to include these fixes.
rh#1255782
References:
https://bugzilla.redhat.com/show_bug.cgi?id=1256728
https://bugzilla.redhat.com/show_bug.cgi?id=1255782
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5231
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5228
http://seclists.org/oss-sec/2015/q3/433
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5228
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5231
http://lists.openvz.org/pipermail/criu/2015-August/021847.html
bugbot adjusting priority
I disabled the systemd service in the criu package as a temporary solution. This is a rarely used feature, and it was even suggested in the upstream discussion.
This is an autogenerated message for OBS integration: This bug (943105) was mentioned in https://build.opensuse.org/request/show/330521 13.2 / criu
openSUSE-SU-2015:1593-1: An update that fixes two vulnerabilities is now available.
Category: security (moderate)
Bug References: 943105
CVE References: CVE-2015-5228,CVE-2015-5231
Sources used:
openSUSE 13.2 (src): criu-1.3.1-4.1
Let's close.