Description
Security update for permissions
This update for permissions fixes the following issues:
- CVE-2019-3690: Fixed a privilege escalation through untrusted symlinks (bsc#1150734).
Package list
SUSE Linux Enterprise Point of Sale 11 SP3
permissions-2013.1.7-0.6.5.1
SUSE Linux Enterprise Server 11 SP4-LTSS
permissions-2013.1.7-0.6.5.1
References
- Link for SUSE-SU-2019:14237-1
- E-Mail link for SUSE-SU-2019:14237-1
- SUSE Security Ratings
- SUSE Bug 1150734
- SUSE Bug 1157198
- SUSE CVE CVE-2019-3690 page
Description
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
Affected products
SUSE Linux Enterprise Point of Sale 11 SP3:permissions-2013.1.7-0.6.5.1
SUSE Linux Enterprise Server 11 SP4-LTSS:permissions-2013.1.7-0.6.5.1
References
- CVE-2019-3690
- SUSE Bug 1148336
- SUSE Bug 1150734
- SUSE Bug 1157880
- SUSE Bug 1157883
- SUSE Bug 1160594
- SUSE Bug 1160764
- SUSE Bug 1163922