SUSE-SU-2015:1020-1: moderate: Security update for autofs

sle-security-updates at sle-security-updates at
Tue Jun 9 08:05:54 MDT 2015

   SUSE Security Update: Security update for autofs

Announcement ID:    SUSE-SU-2015:1020-1
Rating:             moderate
References:         #901448 #909472 #913376 #916203 #917977 
Cross-References:   CVE-2014-8169
Affected Products:
                    SUSE Linux Enterprise Server 12
                    SUSE Linux Enterprise Desktop 12

   An update that solves one vulnerability and has four fixes
   is now available.


   autofs was updated to fix one security issue.

   This security issue was fixed:
   - CVE-2014-8169: Prevent potential privilege escalation via interpreter
     load path for program-based automount maps (bnc#917977).

   These non-security issues were fixed:
   - Dont pass sloppy option for other than nfs mounts (bnc#901448,
   - Fix insserv warning at postinstall (bnc#913376)
   - Fix autofs.service so that multiple options passed through sysconfig
     AUTOFS_OPTIONS work correctly (bnc#909472)

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Server 12:

      zypper in -t patch SUSE-SLE-SERVER-12-2015-248=1

   - SUSE Linux Enterprise Desktop 12:

      zypper in -t patch SUSE-SLE-DESKTOP-12-2015-248=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Server 12 (ppc64le s390x x86_64):


   - SUSE Linux Enterprise Desktop 12 (x86_64):



More information about the sle-security-updates mailing list