Description
Security update for python-xdg
This update for python-xdg fixes the following issues:
Security issue fixed:
- CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835)
Package list
SUSE Linux Enterprise Desktop 12 SP4
python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server 12 SP4
python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
python-xdg-0.25-9.3.1
References
- Link for SUSE-SU-2019:2719-1
- E-Mail link for SUSE-SU-2019:2719-1
- SUSE Security Ratings
- SUSE Bug 859835
- SUSE CVE CVE-2014-1624 page
Description
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
Affected products
SUSE Linux Enterprise Desktop 12 SP4:python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server 12 SP4:python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4:python-xdg-0.25-9.3.1
References
- CVE-2014-1624
- SUSE Bug 859835