hardlink-1.0.g50-1.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10055 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z hardlink-1.0.g50-1.7 on GA media These are all security issues fixed in the hardlink-1.0.g50-1.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10055 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:10055 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2011-3630/ SUSE CVE CVE-2011-3630 page https://www.suse.com/security/cve/CVE-2011-3631/ SUSE CVE CVE-2011-3631 page https://www.suse.com/security/cve/CVE-2011-3632/ SUSE CVE CVE-2011-3632 page openSUSE Tumbleweed hardlink-1.0.g50-1.7 hardlink-1.0.g50-1.7 as a component of openSUSE Tumbleweed Hardlink before 0.1.2 suffer from multiple stack-based buffer overflow flaws because of the way directory trees with deeply nested directories are processed. A remote attacker could provide a specially-crafted directory tree, and trick the local user into consolidating it, leading to hardlink executable crash, or, potentially arbitrary code execution with the privileges of the user running the hardlink executable. CVE-2011-3630 openSUSE Tumbleweed:hardlink-1.0.g50-1.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3630.html CVE-2011-3630 Hardlink before 0.1.2 has multiple integer overflows leading to heap-based buffer overflows because of the way string lengths concatenation is done in the calculation of the required memory space to be used. A remote attacker could provide a specially-crafted directory tree and trick the local user into consolidating it, leading to hardlink executable crash or potentially arbitrary code execution with user privileges. CVE-2011-3631 openSUSE Tumbleweed:hardlink-1.0.g50-1.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3631.html CVE-2011-3631 Hardlink before 0.1.2 operates on full file system objects path names which can allow a local attacker to use this flaw to conduct symlink attacks. CVE-2011-3632 openSUSE Tumbleweed:hardlink-1.0.g50-1.7 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2011-3632.html CVE-2011-3632