Bug 536356 - =x11-drivers/xf86-video-intel-2.99.911-r1: Directory traversal vulnerability (CVE-2014-4910)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Assignee: Gentoo Security
Whiteboard: ~4 [noglsa]
Reported: 2015-01-11 19:45 UTC by GLSAMaker/CVETool Bot
Modified: 2015-01-12 22:20 UTC
Description GLSAMaker/CVETool Bot gentoo-dev 2015-01-11 19:45:01 UTC
CVE-2014-4910 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2014-4910):
  Directory traversal vulnerability in tools/backlight_helper.c in X.Org
  xf86-video-intel 2.99.911 allows remote attackers to create or overwrite
  arbitrary files via a .. (dot dot) in the interface name.


Maintainer(s), please drop the vulnerable version.
Comment 1 Rémi Cardona (RETIRED) gentoo-dev 2015-01-12 21:23:15 UTC
patch linked in the CVE appears in .913, will remove
 * 2.99.911-r1
 * 2.99.912
 * 2.99.912-r1
Comment 2 Rémi Cardona (RETIRED) gentoo-dev 2015-01-12 22:06:54 UTC
+  12 Jan 2015; Rémi Cardona <remi@gentoo.org>
+  -xf86-video-intel-2.99.911-r1.ebuild, -xf86-video-intel-2.99.912.ebuild,
+  -xf86-video-intel-2.99.912-r1.ebuild:
+  Remove versions vulnerable to CVE-2014-4910, see bug #536356.
+
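Review bot: the last line of the entry names the CVE and the bug but not the version that carries the fix, so a user whose installed ebuild was removed cannot tell from the ChangeLog which version to move to. Comment 1 places the upstream patch in .913; noting that in the entry would close the gap.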
Comment 3 Mikle Kolyada (RETIRED) archtester Gentoo Infrastructure gentoo-dev Security 2015-01-12 22:20:19 UTC
Closed as [noglsa].