OESA-2026-2914

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2914
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2914.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2914
Upstream
  • CVE-2026-54371
Published
2026-07-09T12:50:57Z
Modified
2026-07-09T13:00:05.933566203Z
Summary
attr security update
Details

A set of tools for manipulating extended attributes on file system objects, in particular getfattr(1) and setfattr(1). An attr(1) command is also provided, which is largely compatible with the SGI IRIX tool of the same name.

Security Fix(es):

attr before version 2.6.0 contains a symlink traversal vulnerability in the getfattr and setfattr utilities that allows local attackers to escalate privileges by replacing a pathname component with a symbolic link during directory hierarchy traversal. Attackers who control a pathname component can redirect getfattr and setfattr operations to arbitrary files by substituting a symlink, leading to local privilege escalation when getfattr or setfattr is invoked by a privileged process over an attacker-controlled path.(CVE-2026-54371)

Database specific
{
    "severity": "High"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / attr

Package

Name
attr
Purl
pkg:rpm/openEuler/attr&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.5.1-7.oe2403sp3

Ecosystem specific

{
    "x86_64": [
        "attr-2.5.1-7.oe2403sp3.x86_64.rpm",
        "attr-debuginfo-2.5.1-7.oe2403sp3.x86_64.rpm",
        "attr-debugsource-2.5.1-7.oe2403sp3.x86_64.rpm",
        "attr-help-2.5.1-7.oe2403sp3.x86_64.rpm",
        "libattr-devel-2.5.1-7.oe2403sp3.x86_64.rpm"
    ],
    "src": [
        "attr-2.5.1-7.oe2403sp3.src.rpm"
    ],
    "aarch64": [
        "attr-2.5.1-7.oe2403sp3.aarch64.rpm",
        "attr-debuginfo-2.5.1-7.oe2403sp3.aarch64.rpm",
        "attr-debugsource-2.5.1-7.oe2403sp3.aarch64.rpm",
        "attr-help-2.5.1-7.oe2403sp3.aarch64.rpm",
        "libattr-devel-2.5.1-7.oe2403sp3.aarch64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2914.json"