Scientific Linux alert SLSA-2017:2788-1 (augeas) [LWN.net]


From:
    	       Pat Riehecky <riehecky@fnal.gov> 
To:
    	       <scientific-linux-errata@listserv.fnal.gov> 
Subject:
    	       Security ERRATA Important: augeas on SL7.x x86_64 
Date:
    	       Thu, 21 Sep 2017 13:44:48 +0000
Message-ID:
    	       <20170921134448.12750.84437@slpackages.fnal.gov>
Synopsis:          Important: augeas security update
Advisory ID:       SLSA-2017:2788-1
Issue Date:        2017-09-21
CVE Numbers:       CVE-2017-7555
--

Security Fix(es):

* A vulnerability was discovered in augeas affecting the handling of
escaped strings. An attacker could send crafted strings that would cause
the application using augeas to copy past the end of a buffer, leading to
a crash or possible code execution. (CVE-2017-7555)
--

SL7
  x86_64
    augeas-1.4.0-2.el7_4.1.x86_64.rpm
    augeas-debuginfo-1.4.0-2.el7_4.1.i686.rpm
    augeas-debuginfo-1.4.0-2.el7_4.1.x86_64.rpm
    augeas-libs-1.4.0-2.el7_4.1.i686.rpm
    augeas-libs-1.4.0-2.el7_4.1.x86_64.rpm
    augeas-devel-1.4.0-2.el7_4.1.i686.rpm
    augeas-devel-1.4.0-2.el7_4.1.x86_64.rpm

- Scientific Linux Development Team

From:		Pat Riehecky <riehecky@fnal.gov>
To:		<scientific-linux-errata@listserv.fnal.gov>
Subject:		Security ERRATA Important: augeas on SL7.x x86_64
Date:		Thu, 21 Sep 2017 13:44:48 +0000
Message-ID:		<20170921134448.12750.84437@slpackages.fnal.gov>