Insufficient shell quoting in yast2-backup allowed local users to craft special file names that inject shell code into the backup process (CVE-2008-4636).
There is no known workaround; please install the update packages.

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
openSUSE | 11.0 | noarch | yast2-backup | < 2.16.6-0.1 | yast2-backup-2.16.6-0.1.noarch.rpm |
openSUSE | 10.2 | noarch | yast2-backup | < 2.14.2-0.1 | yast2-backup-2.14.2-0.1.noarch.rpm |
openSUSE | 10.3 | noarch | yast2-backup | < 2.15.7-0.1 | yast2-backup-2.15.7-0.1.noarch.rpm |
SUSE Linux Enterprise Server | 10.2 | noarch | yast2-backup | < 2.13.6-0.1 | yast2-backup-2.13.6-0.1.noarch.rpm |
Novell Open Enterprise Server (OES) | any | noarch | yast2-backup | < 2.9.22-0.1 | yast2-backup-2.9.22-0.1.noarch.rpm |
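
The class of flaw described in this advisory, shown as an added example; it is not yast2-backup's code, which the advisory does not reproduce. A constructed file name is handed to `wc` three ways: pasted unquoted into a shell command line, quoted with `shlex.quote`, and passed as a single argv element with no shell. The file name, the function names and the choice of `wc` are assumptions made for illustration.

```python
import os
import shlex
import subprocess
import tempfile

# Constructed sample: a legal Linux file name containing a command substitution.
HOSTILE_NAME = "report$(touch INJECTED).txt"


def size_unsafe(path, cwd):
    # Vulnerable pattern: the file name is pasted into a shell command line,
    # so the shell interprets metacharacters inside the name.
    return subprocess.run("wc -c -- " + path, shell=True, cwd=cwd,
                          capture_output=True, text=True)


def size_quoted(path, cwd):
    # Fix 1: quote the name so the shell sees one literal word.
    return subprocess.run("wc -c -- " + shlex.quote(path), shell=True, cwd=cwd,
                          capture_output=True, text=True)


def size_argv(path, cwd):
    # Fix 2: no shell at all; the name is exactly one argv element.
    return subprocess.run(["wc", "-c", "--", path], cwd=cwd,
                          capture_output=True, text=True)


def demo():
    """Run each variant in a fresh temp directory and report what happened."""
    results = {}
    variants = (("unsafe", size_unsafe), ("quoted", size_quoted), ("argv", size_argv))
    for label, fn in variants:
        with tempfile.TemporaryDirectory() as d:
            path = os.path.join(d, HOSTILE_NAME)
            with open(path, "w") as f:
                f.write("12345")
            proc = fn(path, d)
            results[label] = {
                # True if the substitution inside the file name was executed.
                "injected": os.path.exists(os.path.join(d, "INJECTED")),
                # True if the tool actually processed the intended file.
                "ok": proc.returncode == 0,
            }
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(label, outcome)
```

Only the unquoted variant creates the `INJECTED` marker, and it also fails to process the real file, which is a useful symptom to look for when auditing scripts that walk user-writable directories.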