melange-0.3.2-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:12835 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z melange-0.3.2-1.1 on GA media These are all security issues fixed in the melange-0.3.2-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-12835 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:12835 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2017-5226/ SUSE CVE CVE-2017-5226 page openSUSE Tumbleweed melange-0.3.2-1.1 melange-bash-completion-0.3.2-1.1 melange-fish-completion-0.3.2-1.1 melange-zsh-completion-0.3.2-1.1 melange-0.3.2-1.1 as a component of openSUSE Tumbleweed melange-bash-completion-0.3.2-1.1 as a component of openSUSE Tumbleweed melange-fish-completion-0.3.2-1.1 as a component of openSUSE Tumbleweed melange-zsh-completion-0.3.2-1.1 as a component of openSUSE Tumbleweed When executing a program via the bubblewrap sandbox, the nonpriv session can escape to the parent session by using the TIOCSTI ioctl to push characters into the terminal's input buffer, allowing an attacker to escape the sandbox. CVE-2017-5226 openSUSE Tumbleweed:melange-0.3.2-1.1 openSUSE Tumbleweed:melange-bash-completion-0.3.2-1.1 openSUSE Tumbleweed:melange-fish-completion-0.3.2-1.1 openSUSE Tumbleweed:melange-zsh-completion-0.3.2-1.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2017-5226.html CVE-2017-5226 https://bugzilla.suse.com/1130637 SUSE Bug 1130637 https://bugzilla.suse.com/1173998 SUSE Bug 1173998 https://bugzilla.suse.com/1174073 SUSE Bug 1174073 https://bugzilla.suse.com/1209411 SUSE Bug 1209411