Security update for llvm SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2015:0245-1 Final 1 1 2015-01-30T17:19:17Z current 2015-01-30T17:19:17Z 2015-01-30T17:19:17Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for llvm llvm was updated to fix one security issue. This security issue was fixed: - Insecure temporary file handling in clang's scan-build utility (CVE-2014-2893). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2015-02/msg00038.html E-Mail link for openSUSE-SU-2015:0245-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings libLLVM-3.3-6.7.1 libLLVM-32bit-3.3-6.7.1 libclang-3.3-6.7.1 llvm-3.3-6.7.1 llvm-clang-3.3-6.7.1 llvm-clang-devel-3.3-6.7.1 llvm-devel-3.3-6.7.1 llvm-vim-plugins-3.3-6.7.1 The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directories with predictable names. CVE-2014-2893 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2015-02/msg00038.html https://www.suse.com/security/cve/CVE-2014-2893.html CVE-2014-2893 https://bugzilla.suse.com/874798 SUSE Bug 874798