autofs-5.1.1-3.5 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10319-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z autofs-5.1.1-3.5 on GA media These are all security issues fixed in the autofs-5.1.1-3.5 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10319 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2014-8169/ SUSE CVE CVE-2014-8169 page openSUSE Tumbleweed autofs-5.1.1-3.5 autofs-5.1.1-3.5 as a component of openSUSE Tumbleweed automount 5.0.8, when a program map uses certain interpreted languages, uses the calling user's USER and HOME environment variable values instead of the values for the user used to run the mapped program, which allows local users to gain privileges via a Trojan horse program in the user home directory. CVE-2014-8169 openSUSE Tumbleweed:autofs-5.1.1-3.5 moderate 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2014-8169.html CVE-2014-8169 https://bugzilla.suse.com/917977 SUSE Bug 917977