SUSE-SU-2012:0231-1: moderate: Security update for sysconfig

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Feb 9 11:10:43 MST 2012


   SUSE Security Update: Security update for sysconfig
______________________________________________________________________________

Announcement ID:    SUSE-SU-2012:0231-1
Rating:             moderate
References:         #704234 #735394 
Cross-References:   CVE-2011-4182
Affected Products:
                    SUSE Linux Enterprise Server 10 SP4
                    SUSE Linux Enterprise Desktop 10 SP4
______________________________________________________________________________

   An update that solves one vulnerability and has one errata
   is now available.

Description:


   The following bug has been fixed:

   * sysconfig hook script for NetworkManager did not
   properly quote shell meta characters when processing
   ESSIDs. Specially crafted network names could have
   therefore lead to execution of shell code (CVE-2011-4182).

   Security Issue reference:

   * CVE-2011-4182
   <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4182
   >


Special Instructions and Notes:

   Please reboot the system after installing this update.This
   update triggers a restart of the software management stack.
   More updates will be available for installation after
   applying this update and restarting the application. This
   update triggers a restart of the software management stack.
   More updates will be available for installation after
   applying this update and restarting the application.


Package List:

   - SUSE Linux Enterprise Server 10 SP4 (i586 ia64 ppc s390x x86_64):

      sysconfig-0.50.9-13.68.1

   - SUSE Linux Enterprise Desktop 10 SP4 (i586 x86_64):

      sysconfig-0.50.9-13.68.1


References:

   http://support.novell.com/security/cve/CVE-2011-4182.html
   https://bugzilla.novell.com/704234
   https://bugzilla.novell.com/735394
   http://download.novell.com/patch/finder/?keywords=e1ff0acb7870582081808201b27ba00e



More information about the sle-security-updates mailing list