Novell Home

CVE-2010-4226

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2010-4226 at MITRE

Description

cpio, as used in build 2007.05.10, 2010.07.28, and possibly other versions, allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive.

NVD CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:N/I:P/A:N)

Novell/SUSE information

Novell Bugzilla entry: 665768

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SLE SDK 10 SP4 for IBM iSeries and IBM pSeries
SLE SDK 10 SP4 for IBM zSeries
SLE SDK 10 SP4 for IPF
SLE SDK 10 SP4 for X86-64
SLE SDK 10 SP4 for x86
SUSE Linux Enterprise Desktop 10 SP4 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP4 for x86
  • build >= 2007.05.10-0.16.1
sled10-sp4.x86
sle10-sp4-sdk.ia64
sle10-sp4-sdk.x86
sle10-sp4-sdk.s390x
sle10-sp4-sdk.ppc
sle10-sp4-sdk.x86-64
sled10-sp4.x86-64
ZYPP Patch Nr: 7395
SUSE Linux Enterprise Desktop 10 SP3 for AMD64 and Intel EM64T
SUSE Linux Enterprise Desktop 10 SP3 for x86
SUSE Linux Enterprise SDK 10 SP3
  • build >= 2007.05.10-0.16.1
sle10-sp3-sdk.s390x
sled10-sp3.x86-64
sle10-sp3-sdk.ppc
sle10-sp3-sdk.x86
sle10-sp3-sdk.ia64
sled10-sp3.x86
sle10-sp3-sdk.x86-64
ZYPP Patch Nr: 7372
SUSE Linux Enterprise Software Development Kit 11 SP1
  • build >= 2010.07.28-1.13.1
sle11-sp1-sdk.x86-64
sle11-sp1-sdk.x86
sle11-sp1-sdk.ppc
sle11-sp1-sdk.s390x
sle11-sp1-sdk.ia64
SAT Patch Nr: 3846
openSUSE 11.2
  • build >= 2010.07.28-1.3.1
openSUSE 11.3
  • build >= 2010.07.28-1.3.1
  • build-mkbaselibs >= 2010.07.28-1.3.1

© 2014 Novell