Overview

File _patchinfo of Package patchinfo.450

<patchinfo incident="450">
  <issue id="913376" tracker="bnc">can't open autofs: No such file or directory at /sbin/insserv line 80</issue>
  <issue id="917977" tracker="bnc">VUL-0: EMBARGOED: CVE-2014-8169: autofs: potential privilege escalation via interpreter load path for program-based automount maps</issue>
  <issue id="909472" tracker="bnc">autofs.service: AUTOFS_OPTIONS not correctly passed to automount process</issue>
  <issue id="901448" tracker="bnc">autofs compiled with --disable-sloppy-mount doesn't allow -s option with mount - SLES12 GMC2</issue>
  <issue id="916203" tracker="bnc">autofs: sloppy mount option</issue>
  <issue id="CVE-2014-8169" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>mszeredi</packager>
  <description>autofs was updated to fix one security issue.

This security issue was fixed:
- CVE-2014-8169: Prevent potential privilege escalation via interpreter load path for program-based automount maps (bnc#917977).

These non-security issues were fixed:
- Dont pass sloppy option for other than nfs mounts (bnc#901448, bnc#916203)
- Fix insserv warning at postinstall (bnc#913376)
- Fix autofs.service so that multiple options passed through sysconfig AUTOFS_OPTIONS work correctly (bnc#909472)
</description>
  <summary>Security update for autofs</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places