Описание
Security update for libstorage
This update for libstorage fixes the following issues:
- Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746)
Список пакетов
SUSE Linux Enterprise Desktop 12 SP1
libstorage-ruby-2.25.35.1-3.1
libstorage6-2.25.35.1-3.1
SUSE Linux Enterprise Server 12 SP1
libstorage-ruby-2.25.35.1-3.1
libstorage6-2.25.35.1-3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1
libstorage-ruby-2.25.35.1-3.1
libstorage6-2.25.35.1-3.1
SUSE Linux Enterprise Software Development Kit 12 SP1
libstorage-devel-2.25.35.1-3.1
Ссылки
- Link for SUSE-SU-2016:2189-1
- E-Mail link for SUSE-SU-2016:2189-1
- SUSE Security Ratings
- SUSE Bug 986971
- SUSE CVE CVE-2016-5746 page
Описание
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP1:libstorage-ruby-2.25.35.1-3.1
SUSE Linux Enterprise Desktop 12 SP1:libstorage6-2.25.35.1-3.1
SUSE Linux Enterprise Server 12 SP1:libstorage-ruby-2.25.35.1-3.1
SUSE Linux Enterprise Server 12 SP1:libstorage6-2.25.35.1-3.1
Ссылки
- CVE-2016-5746
- SUSE Bug 984245
- SUSE Bug 986971