Описание
Security update for libstorage
This update for libstorage fixes the following issues:
- Use stdin, not tmp files for passwords (bsc#986971, CVE-2016-5746)
Список пакетов
SUSE Linux Enterprise Server 12-LTSS
libstorage-ruby-2.25.16.1-3.1
libstorage5-2.25.16.1-3.1
SUSE Linux Enterprise Server for SAP Applications 12
libstorage-ruby-2.25.16.1-3.1
libstorage5-2.25.16.1-3.1
Ссылки
- Link for SUSE-SU-2016:2355-1
- E-Mail link for SUSE-SU-2016:2355-1
- SUSE Security Ratings
- SUSE Bug 986971
- SUSE CVE CVE-2016-5746 page
Описание
libstorage, libstorage-ng, and yast-storage improperly store passphrases for encrypted storage devices in a temporary file on disk, which might allow local users to obtain sensitive information by reading the file, as demonstrated by /tmp/libstorage-XXXXXX/pwdf.
Затронутые продукты
SUSE Linux Enterprise Server 12-LTSS:libstorage-ruby-2.25.16.1-3.1
SUSE Linux Enterprise Server 12-LTSS:libstorage5-2.25.16.1-3.1
SUSE Linux Enterprise Server for SAP Applications 12:libstorage-ruby-2.25.16.1-3.1
SUSE Linux Enterprise Server for SAP Applications 12:libstorage5-2.25.16.1-3.1
Ссылки
- CVE-2016-5746
- SUSE Bug 984245
- SUSE Bug 986971