Vulnerability CVE-2008-0525: Information
Description
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
Severity: MEDIUM (4.6)
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
kernel-image-std-debug | sisyphus | 4.14.85-alt1 | 6.1.91-alt1 | ALT-PU-2018-2754-1 | 217182 | Fixed |
kernel-image-std-debug | c9f2 | 4.14.85-alt1 | 4.19.102-alt1 | ALT-PU-2018-2754-1 | 217182 | Fixed |
kernel-image-std-def | sisyphus | 4.14.85-alt1 | 6.1.91-alt1 | ALT-PU-2018-2755-1 | 217183 | Fixed |
kernel-image-std-def | p10 | 4.14.85-alt1 | 5.10.216-alt1 | ALT-PU-2018-2755-1 | 217183 | Fixed |
kernel-image-std-def | p9 | 4.14.85-alt1 | 5.4.275-alt1 | ALT-PU-2018-2755-1 | 217183 | Fixed |
kernel-image-std-def | p8 | 4.9.143-alt0.M80P.1 | 4.9.337-alt0.M80P.1 | ALT-PU-2018-2807-1 | 217409 | Fixed |
kernel-image-std-def | c9f2 | 4.14.85-alt1 | 5.10.214-alt0.c9f.2 | ALT-PU-2018-2755-1 | 217183 | Fixed |
kernel-image-std-def | c7 | 4.4.183-alt0.M70C.1 | 4.4.277-alt0.M70C.1 | ALT-PU-2019-2175-1 | 233233 | Fixed |
kernel-image-std-pae | c9f2 | 4.14.86-alt1 | 4.19.72-alt1 | ALT-PU-2018-2814-1 | 217123 | Fixed |
kernel-image-un-def | p8 | 4.14.87-alt0.M80P.1 | 4.19.310-alt0.M80P.1 | ALT-PU-2018-2832-1 | 217631 | Fixed |
kernel-image-un-def | c7 | 4.9.277-alt0.M70C.1 | 4.9.277-alt0.M70C.1 | ALT-PU-2021-3032-1 | 281292 | Fixed |