Security update for pigz
SUSE Patch
security@suse.de
SUSE Security Team
SUSE-SU-2015:0716-1
Final
1
1
2013-06-10T16:21:37Z
current
2013-06-10T16:21:37Z
2013-06-10T16:21:37Z
cve-database/bin/generate-cvrf.pl
2017-02-24T01:00:00Z
This pigz update to version 2.1.6 includes a security fix and several bug
fixes:
* fix temporary file permission bug (bnc#803933, CVE-2013-0296)
* fix dictzip with #CPU == 1 (bnc#597756)
Security Issue reference:
* CVE-2013-0296
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0296>
The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
slestso13-pigz
Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0)
https://www.suse.com/support/update/announcement/2015/suse-su-20150716-1/
Link for SUSE-SU-2015:0716-1
https://lists.suse.com/pipermail/sle-security-updates/2015-April/001348.html
E-Mail link for SUSE-SU-2015:0716-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/597756
SUSE Bug 597756
https://bugzilla.suse.com/803933
SUSE Bug 803933
https://bugzilla.suse.com/913627
SUSE Bug 913627
https://www.suse.com/security/cve/CVE-2013-0296/
SUSE CVE CVE-2013-0296 page
https://www.suse.com/security/cve/CVE-2015-1191/
SUSE CVE CVE-2015-1191 page
SUSE Studio Onsite 1.3
pigz-2.1.6-0.8.1
pigz-2.1.6-0.8.1 as a component of SUSE Studio Onsite 1.3
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local users to bypass intended access permissions while compression is occurring.
CVE-2013-0296
SUSE Studio Onsite 1.3:pigz-2.1.6-0.8.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150716-1/
https://www.suse.com/security/cve/CVE-2013-0296.html
CVE-2013-0296
https://bugzilla.suse.com/803933
SUSE Bug 803933
Multiple directory traversal vulnerabilities in pigz 2.3.1 allow remote attackers to write to arbitrary files via a (1) full pathname or (2) .. (dot dot) in an archive.
CVE-2015-1191
SUSE Studio Onsite 1.3:pigz-2.1.6-0.8.1
moderate
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
https://www.suse.com/support/update/announcement/2015/suse-su-20150716-1/
https://www.suse.com/security/cve/CVE-2015-1191.html
CVE-2015-1191
https://bugzilla.suse.com/913627
SUSE Bug 913627