[ MDVSA-2015:047 ] elfutils

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

 _______________________________________________________________________

 Mandriva Linux Security Advisory                         MDVSA-2015:047
 http://www.mandriva.com/en/support/security/
 _______________________________________________________________________

 Package : elfutils
 Date    : February 12, 2015
 Affected: Business Server 1.0
 _______________________________________________________________________

 Problem Description:

 Updated elfutils packages fix security vulnerability:
 
 Directory traversal vulnerability in the read_long_names function in
 libelf/elf_begin.c in elfutils allows remote attackers to write to
 arbitrary files to the root directory via a / (slash) in a crafted
 archive, as demonstrated using the ar program (CVE-2014-9447).
 _______________________________________________________________________

 References:

 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9447
 http://advisories.mageia.org/MGASA-2015-0033.html
 ____

007 Software

[ MDVSA-2015:047 ] elfutils

Leave a Reply Cancel reply

Software and Security Information