SUSE-SU-2019:2719-2

Published: 12 Nov 2019
Source: suse-cvrf

Description

Security update for python-xdg

This update for python-xdg fixes the following issues:

Security issue fixed:

  • CVE-2014-1624: Fixed a TOCTOU race condition in get_runtime_dir(). (bsc#859835)

Package list

SUSE Linux Enterprise Server 12 SP5
python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
python-xdg-0.25-9.3.1

Description

Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to a victim-owned location, then replacing it with a symlink to an attacker-controlled location once the get_runtime_dir function is called.
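
A defensive pattern for the fallback-directory race described above, as an added example that is not python-xdg's code or the SUSE patch. `safe_fallback_runtime_dir` and `UnsafeRuntimeDir` are hypothetical names, and the parent directory is assumed to be sticky (like /tmp) so that other users cannot rename or remove a directory you own.

```python
import os
import stat
import tempfile


class UnsafeRuntimeDir(Exception):
    """The fallback path exists but cannot be trusted."""


def safe_fallback_runtime_dir(base, user):
    """Create or validate a private per-user fallback directory under base.

    Hypothetical helper, not the python-xdg API. It never follows a symlink
    at the final path component and never accepts a directory that another
    user owns or that group/other can access.
    """
    path = os.path.join(base, "pyxdg-runtime-dir-fallback-" + user)
    try:
        # mkdir fails with FileExistsError if anything, including a
        # symlink (dangling or not), already sits at this name.
        os.mkdir(path, 0o700)
    except FileExistsError:
        pass
    # Open with O_NOFOLLOW and inspect the opened object itself, so the
    # checks apply to what we hold rather than to whatever the name
    # resolves to a moment later (the check-then-use gap).
    try:
        fd = os.open(path, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeRuntimeDir(f"{path}: not a real directory ({exc})")
    try:
        st = os.fstat(fd)
    finally:
        os.close(fd)
    if st.st_uid != os.getuid():
        raise UnsafeRuntimeDir(f"{path}: owned by uid {st.st_uid}")
    if stat.S_IMODE(st.st_mode) & 0o077:
        raise UnsafeRuntimeDir(f"{path}: accessible to group/other")
    return path


if __name__ == "__main__":
    # Constructed stand-in for /tmp so the demo runs anywhere.
    with tempfile.TemporaryDirectory() as base:
        print(safe_fallback_runtime_dir(base, "victim"))
```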


Affected products
SUSE Linux Enterprise Server 12 SP5:python-xdg-0.25-9.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5:python-xdg-0.25-9.3.1
