Which software versions are affected by CVE-2017-14804?

CVE-2017-14804 affects SUSE Linux Enterprise Software Development Kit 11 SP4, SUSE Linux Enterprise Software Development Kit 12 SP2, SUSE Linux Enterprise Software Development Kit 12 SP3, openSUSE Leap 42.2, and openSUSE Leap 42.3.

How severe is CVE-2017-14804?

CVE-2017-14804 has a severity rating of 5.3 out of 10, making it a critical vulnerability.

How can I fix CVE-2017-14804?

To fix CVE-2017-14804, update to the latest version of the build package (20171128 or later) that includes the fix for checking directory names during extraction of build results.

Where can I find more information about CVE-2017-14804?

You can find more information about CVE-2017-14804 at the following references: [1] [2] [3].

Vulnerability/
CVE-2017-14804

critical

9.9

CWE

20 22

1/3/2018

16/9/2024

CVE-2017-14804: package builds could use directory traversal to write outside of target area

First published: Thu Mar 01 2018(Updated: )

The build package before 20171128 did not check directory names during extraction of build results that allowed untrusted builds to write outside of the target system,allowing escape out of buildroots.

Credit: meissner@suse.de

Affected Software	Affected Version	How to fix
SUSE Linux Enterprise Software Development Kit	=11-sp4
SUSE Linux Enterprise Software Development Kit	=12-sp2
SUSE Linux Enterprise Software Development Kit	=12-sp3
openSUSE Leap	=42.2
openSUSE Leap	=42.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2017-14804?
CVE-2017-14804 is a vulnerability that allows untrusted builds to write outside of the target system, potentially leading to an escape out of buildroots.
Which software versions are affected by CVE-2017-14804?
CVE-2017-14804 affects SUSE Linux Enterprise Software Development Kit 11 SP4, SUSE Linux Enterprise Software Development Kit 12 SP2, SUSE Linux Enterprise Software Development Kit 12 SP3, openSUSE Leap 42.2, and openSUSE Leap 42.3.
How severe is CVE-2017-14804?
CVE-2017-14804 has a severity rating of 5.3 out of 10, making it a critical vulnerability.
How can I fix CVE-2017-14804?
To fix CVE-2017-14804, update to the latest version of the build package (20171128 or later) that includes the fix for checking directory names during extraction of build results.
Where can I find more information about CVE-2017-14804?
You can find more information about CVE-2017-14804 at the following references: [1] [2] [3].

collector/nvd-index
agent/weakness
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/severity
agent/author
agent/last-modified-date
agent/title
agent/tags
agent/description
agent/first-publish-date
agent/event
vendor/suse
canonical/suse linux enterprise software development kit
version/suse linux enterprise software development kit/11-sp4
version/suse linux enterprise software development kit/12-sp2
version/suse linux enterprise software development kit/12-sp3
vendor/opensuse
canonical/opensuse leap
version/opensuse leap/42.2
version/opensuse leap/42.3

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.