Description
Security update for trousers
This update for trousers fixes the following issues:
- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gained ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651).
Package list
Container suse/sles/15.3/virt-launcher:0.45.0
trousers-0.3.14-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
libtspi1-0.3.14-6.3.1
trousers-0.3.14-6.3.1
trousers-devel-0.3.14-6.3.1
References
- Link for SUSE-SU-2019:3349-1
- E-Mail link for SUSE-SU-2019:3349-1
- SUSE Security Ratings
- SUSE Bug 1157651
- SUSE CVE CVE-2019-18898 page
Description
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.
Affected products
Container suse/sles/15.3/virt-launcher:0.45.0:trousers-0.3.14-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1
References
- CVE-2019-18898
- SUSE Bug 1154062
- SUSE Bug 1157651