CVE-2015-4156
Publication date 2 June 2015
Last updated 24 July 2024
Ubuntu priority
GNU Parallel before 20150522 (Nepal), when using (1) --cat or (2) --fifo with --sshlogin, allows local users to write to arbitrary files via a symlink attack on a temporary file.
From the Ubuntu Security Team
It was discovered that Parallel incorrectly handled symlinks. An attacker could possibly use this issue to insert, edit or obtain sensitive information.
Status
Package | Ubuntu Release | Status |
---|---|---|
parallel | ||
18.04 LTS bionic |
Not affected
|
|
16.04 LTS xenial |
Fixed 20161222-1~ubuntu0.16.04.1
|
|
14.04 LTS trusty |
Fixed 20161222-1~ubuntu0.14.04.1
|
|