Описание
Security update for yast2-storage
This update for yast2-storage provides the following fixes:
Security issues fixed:
- Use standard IPC, and not temporary files, to pass passwords between processes. (bsc#986971, CVE-2016-5746)
Non security bugs fixed:
- Fix usage of complete multipath disk as LVM physical volume. (bsc#984245)
- Load the correct multipath module (dm-multipath). (bsc#937942)
- Improve message for creating volumes with a filesystem but without a mount point. (bsc#996208)
Список пакетов
SUSE Linux Enterprise Server 11 SP4
yast2-storage-2.17.161-5.1
yast2-storage-lib-2.17.161-5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4
yast2-storage-2.17.161-5.1
yast2-storage-lib-2.17.161-5.1
SUSE Linux Enterprise Software Development Kit 11 SP4
yast2-storage-devel-2.17.161-5.1
Ссылки
- Link for SUSE-SU-2016:2353-1
- E-Mail link for SUSE-SU-2016:2353-1
- SUSE Security Ratings
- SUSE Bug 937942
- SUSE Bug 984245
- SUSE Bug 986971
- SUSE Bug 996208
- SUSE CVE CVE-2016-5746 page
Описание
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Затронутые продукты
SUSE Linux Enterprise Server 11 SP4:yast2-storage-2.17.161-5.1
SUSE Linux Enterprise Server 11 SP4:yast2-storage-lib-2.17.161-5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:yast2-storage-2.17.161-5.1
SUSE Linux Enterprise Server for SAP Applications 11 SP4:yast2-storage-lib-2.17.161-5.1
Ссылки
- CVE-2016-5746
- SUSE Bug 984245
- SUSE Bug 986971