CVE-2015-4155
Published: 2 June 2015
GNU Parallel before 20150422, when using (1) --pipe, (2) --tmux, (3) --cat, (4) --fifo, or (5) --compress, allows local users to write to arbitrary files via a symlink attack on a temporary file.
From the Ubuntu Security Team
It was discovered that Parallel incorrectly handled symlinks. An attacker could possibly use this issue to insert, edit or obtain sensitive information.
Priority
Status
Package | Release | Status |
---|---|---|
parallel (Launchpad, Ubuntu, Debian) | artful | Ignored (end of life) |
parallel | bionic | Not vulnerable (20161222-1) |
parallel | cosmic | Not vulnerable (20161222-1) |
parallel | precise | Does not exist |
parallel | trusty | Released (20161222-1~ubuntu0.14.04.1) |
parallel | upstream | Released (20161222-1) |
parallel | utopic | Ignored (end of life) |
parallel | vivid | Ignored (end of life) |
parallel | wily | Ignored (end of life) |
parallel | xenial | Released (20161222-1~ubuntu0.16.04.1) |
parallel | yakkety | Ignored (end of life) |
parallel | zesty | Ignored (end of life) |

This vulnerability is mitigated in part by the use of symlink restrictions in Ubuntu.