OESA-2026-2913

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2913
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2913.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2913
Upstream
  • CVE-2026-54371
Published
2026-07-09T12:50:55Z
Modified
2026-07-09T13:00:05.939724850Z
Summary
attr security update
Details

A set of tools for manipulating extended attributes on file system objects, in particular getfattr(1) and setfattr(1). An attr(1) command is also provided, which is largely compatible with the SGI IRIX tool of the same name.

Security Fix(es):

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.(CVE-2026-54371)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP1 / attr

Package

Name
attr
Purl
pkg:rpm/openEuler/attr&distro=openEuler-24.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.1-7.oe2403sp1

Ecosystem specific

{
    "x86_64": [
        "attr-2.5.1-7.oe2403sp1.x86_64.rpm",
        "attr-debuginfo-2.5.1-7.oe2403sp1.x86_64.rpm",
        "attr-debugsource-2.5.1-7.oe2403sp1.x86_64.rpm",
        "attr-help-2.5.1-7.oe2403sp1.x86_64.rpm",
        "libattr-devel-2.5.1-7.oe2403sp1.x86_64.rpm"
    ],
    "src": [
        "attr-2.5.1-7.oe2403sp1.src.rpm"
    ],
    "aarch64": [
        "attr-2.5.1-7.oe2403sp1.aarch64.rpm",
        "attr-debuginfo-2.5.1-7.oe2403sp1.aarch64.rpm",
        "attr-debugsource-2.5.1-7.oe2403sp1.aarch64.rpm",
        "attr-help-2.5.1-7.oe2403sp1.aarch64.rpm",
        "libattr-devel-2.5.1-7.oe2403sp1.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2913.json"