Issue Overview:
Multiple flaws were found in the way Augeas handled configuration files when updating them. An application using Augeas to update configuration files in a directory that is writable by a different user (for example, an application running as root that is updating files in a directory owned by a non-root service user) could have been tricked into overwriting arbitrary files or leaking information via a symbolic link or mount point attack. (CVE-2012-0786, CVE-2012-0787)
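The symbolic link case described above, as an added example (a generic illustration of the bug class, not Augeas code and not its actual fix): a naive in-place write beside a hardened update that pins the directory and renames a freshly created file into place. The paths, the file names and the `.new` suffix are constructed for the demo, and Linux is assumed.

```python
import os
import tempfile

def naive_update(path, data):
    # Vulnerable pattern: open() follows a symlink in the final path component,
    # so whoever controls the directory chooses which file gets truncated.
    with open(path, "w") as f:
        f.write(data)

def safe_update(dirpath, name, data):
    # Hardened pattern: pin the directory with an fd, create the new file with
    # O_EXCL|O_NOFOLLOW relative to it, then rename over the old name
    # (rename replaces a symlink itself instead of writing through it).
    dfd = os.open(dirpath, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    tmp = name + ".new"  # hypothetical temp-file suffix
    try:
        fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                     0o600, dir_fd=dfd)
        try:
            os.write(fd, data.encode())
        finally:
            os.close(fd)
        os.rename(tmp, name, src_dir_fd=dfd, dst_dir_fd=dfd)
    finally:
        os.close(dfd)

def demo():
    # Constructed fixture: "victim" stands in for a file only root may write,
    # "svc" for a directory owned by a non-root service user.
    results = {}
    with tempfile.TemporaryDirectory() as root:
        victim = os.path.join(root, "victim")
        svc = os.path.join(root, "svc")
        os.mkdir(svc)
        conf = os.path.join(svc, "app.conf")
        for label in ("naive", "safe"):
            with open(victim, "w") as f:
                f.write("original")
            if os.path.lexists(conf):
                os.remove(conf)
            os.symlink(victim, conf)  # what the directory owner could plant
            if label == "naive":
                naive_update(conf, "new config")
            else:
                safe_update(svc, "app.conf", "new config")
            with open(victim) as f:
                results[label] = (f.read(), os.path.islink(conf))
    return results

if __name__ == "__main__":
    print(demo())
```

The hardened version does not cover the mount point case and does not preserve the original file's mode or ownership.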
Affected Packages:
augeas
Issue Correction:
Run yum update augeas to update your system.
New Packages:
i686:
augeas-libs-1.0.0-5.5.amzn1.i686
augeas-debuginfo-1.0.0-5.5.amzn1.i686
augeas-1.0.0-5.5.amzn1.i686
augeas-devel-1.0.0-5.5.amzn1.i686
src:
augeas-1.0.0-5.5.amzn1.src
x86_64:
augeas-devel-1.0.0-5.5.amzn1.x86_64
augeas-1.0.0-5.5.amzn1.x86_64
augeas-debuginfo-1.0.0-5.5.amzn1.x86_64
augeas-libs-1.0.0-5.5.amzn1.x86_64
Red Hat: CVE-2012-0786, CVE-2012-0787
Mitre: CVE-2012-0786, CVE-2012-0787
OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Amazon Linux | 1 | i686 | augeas-libs | < 1.0.0-5.5.amzn1 | augeas-libs-1.0.0-5.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | augeas-debuginfo | < 1.0.0-5.5.amzn1 | augeas-debuginfo-1.0.0-5.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | augeas | < 1.0.0-5.5.amzn1 | augeas-1.0.0-5.5.amzn1.i686.rpm |
Amazon Linux | 1 | i686 | augeas-devel | < 1.0.0-5.5.amzn1 | augeas-devel-1.0.0-5.5.amzn1.i686.rpm |
Amazon Linux | 1 | x86_64 | augeas-devel | < 1.0.0-5.5.amzn1 | augeas-devel-1.0.0-5.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | augeas | < 1.0.0-5.5.amzn1 | augeas-1.0.0-5.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | augeas-debuginfo | < 1.0.0-5.5.amzn1 | augeas-debuginfo-1.0.0-5.5.amzn1.x86_64.rpm |
Amazon Linux | 1 | x86_64 | augeas-libs | < 1.0.0-5.5.amzn1 | augeas-libs-1.0.0-5.5.amzn1.x86_64.rpm |