openSUSE alert openSUSE-SU-2015:0856-1 (gnu_parallel)

From:
    	     
 
opensuse-security@opensuse.org 
To:
    	     
 
opensuse-updates@opensuse.org 
Subject:
    	     
 
openSUSE-SU-2015:0856-1: Security update for gnu_parallel 
Date:
    	     
 
Tue, 12 May 2015 17:06:09 +0200 (CEST)
Message-ID:
    	     
 
<20150512150609.422633215E@maintenance.suse.de>
   openSUSE Security Update: Security update for gnu_parallel
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2015:0856-1
Rating:             low
References:         #928664 
Affected Products:
                    openSUSE 13.2
                    openSUSE 13.1
______________________________________________________________________________

   An update that contains security fixes can now be installed.

Description:

   GNU parallel was updated to version 20150422 to fix one security issue,
   several bugs and add functionality.

   The following vulnerability was fixed:

   * A local attacker could make a user overwrite one of his own files with a
     single byte when using --compress, --tmux, --pipe, --cat or --fifo when
     guessing random file names within a time window of 15 ms. [boo#928664]

   In addition, the update to 20150422 adds a number of bug fixes,
   improvements and new features.


Patch Instructions:

   To install this openSUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - openSUSE 13.2:

      zypper in -t patch openSUSE-2015-358=1

   - openSUSE 13.1:

      zypper in -t patch openSUSE-2015-358=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - openSUSE 13.2 (noarch):

      gnu_parallel-20150422-2.3.1
      gnu_parallel-doc-20150422-2.3.1

   - openSUSE 13.1 (noarch):

      gnu_parallel-20150422-2.3.1
      gnu_parallel-doc-20150422-2.3.1


References:

   https://bugzilla.suse.com/928664