Debian Augeas vulnerabilities

CVE-2025-2588 [MEDIUM] CVE-2025-2588: augeas - A vulnerability has been found in Hercules Augeas 1.14.1 and classified as probl... A vulnerability has been found in Hercules Augeas 1.14.1 and classified as problematic. This vulnerability affects the function re_case_expand of the file src/fa.c. The manipulation of the argument re leads to null pointer dereference. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used. Scope: local bookworm: open bullsey

CVE-2017-7555 [CRITICAL] CVE-2017-7555: augeas - Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer ov... Augeas versions up to and including 1.8.0 are vulnerable to heap-based buffer overflow due to improper handling of escaped strings. Attacker could send crafted strings that would cause the application using augeas to copy past the end of a buffer, leading to a crash or possible code execution. Scope: local bookworm: resolved (fixed in 1.8.1-1) bullseye: resolved (f

CVE-2013-6412 [MEDIUM] CVE-2013-6412: augeas - The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does no... The transform_save function in transform.c in Augeas 1.0.0 through 1.1.0 does not properly calculate the permission values when the umask contains a "7," which causes world-writable permissions to be used for new files and allows local users to modify the files via unspecified vectors. Scope: local bookworm: resolved (fixed in 1.2.0-0.1) bullseye: resolved (fixed in

CVE-2012-0786 [LOW] CVE-2012-0786: augeas - The transform_save function in transform.c in Augeas before 1.0.0 allows local u... The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file. Scope: local bookworm: resolved (fixed in 1.0.0-1) bullseye: resolved (fixed in 1.0.0-1) forky: resolved (fixed in 1.0.0-1) sid: resolved (fixed in 1.0.0-1) trixie: resolved (fixed in 1

CVE-2012-6607 [LOW] CVE-2012-6607: augeas - The transform_save function in transform.c in Augeas before 1.0.0 allows local u... The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augsave file in a backup save action, a different vector than CVE-2012-0786. Scope: local bookworm: resolved (fixed in 1.0.0-1) bullseye: resolved (fixed in 1.0.0-1) forky: resolved (fixed in 1.0.0-

CVE-2012-0787 [LOW] CVE-2012-0787: augeas - The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_renam... The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files and obtain sensitive information via a bind mount on the (1) .augsave or (2) destination file when using the backup save option, or (3) .augnew file when using the newfile sa