SUSE-SU-2020:1581-1

Опубликовано: 09 июн. 2020

Источник: suse-cvrf

Описание

Security update for texlive

This update for texlive fixes the following issues:

Security issues fixed:

CVE-2020-8016: Fixed a race condition in the spec file (bsc#1159740).
CVE-2020-8017: Fixed a race condition on a cron job (bsc#1158910).
Fixed an issue where pstopdf was crashing (bsc#1138793).

Список пакетов

SUSE Linux Enterprise Server 12 SP4

libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server 12 SP5

libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4

libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP5

libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Software Development Kit 12 SP4

libptexenc1-1.3.2dev-22.8.2

texlive-2013.20130620-22.8.2

texlive-bibtex-bin-2013.20130620.svn30088-22.8.2

texlive-bin-devel-2013.20130620-22.8.2

texlive-checkcites-bin-2013.20130620.svn25623-22.8.2

texlive-collection-basic-2013.74.svn30372-16.12.1

texlive-collection-fontsrecommended-2013.74.svn30307-16.12.1

texlive-collection-htmlxml-2013.74.svn30307-16.12.1

texlive-collection-latex-2013.74.svn30308-16.12.1

texlive-collection-latexrecommended-2013.74.svn30811-16.12.1

texlive-collection-luatex-2013.74.svn30790-16.12.1

texlive-collection-xetex-2013.74.svn30396-16.12.1

texlive-context-bin-2013.20130620.svn29741-22.8.2

texlive-cweb-bin-2013.20130620.svn30088-22.8.2

texlive-devel-2013.74-16.12.1

texlive-dviasm-bin-2013.20130620.svn8329-22.8.2

texlive-dvidvi-bin-2013.20130620.svn30088-22.8.2

texlive-dviljk-bin-2013.20130620.svn30088-22.8.2

texlive-dvipdfmx-bin-2013.20130620.svn30845-22.8.2

texlive-dvipng-bin-2013.20130620.svn30845-22.8.2

texlive-dvips-bin-2013.20130620.svn30088-22.8.2

texlive-dvisvgm-bin-2013.20130620.svn30613-22.8.2

texlive-extratools-2013.74-16.12.1

texlive-filesystem-2013.74-16.12.1

texlive-gsftopk-bin-2013.20130620.svn30088-22.8.2

texlive-jadetex-bin-2013.20130620.svn3006-22.8.2

texlive-kpathsea-bin-2013.20130620.svn30088-22.8.2

texlive-kpathsea-devel-6.2.0dev-22.8.2

texlive-lacheck-bin-2013.20130620.svn30088-22.8.2

texlive-latex-bin-bin-2013.20130620.svn14050-22.8.2

texlive-lua2dox-bin-2013.20130620.svn29053-22.8.2

texlive-luaotfload-bin-2013.20130620.svn30313-22.8.2

texlive-luatex-bin-2013.20130620.svn30845-22.8.2

texlive-makeindex-bin-2013.20130620.svn30088-22.8.2

texlive-metafont-bin-2013.20130620.svn30088-22.8.2

texlive-metapost-bin-2013.20130620.svn30845-22.8.2

texlive-mfware-bin-2013.20130620.svn30088-22.8.2

texlive-mptopdf-bin-2013.20130620.svn18674-22.8.2

texlive-pdftex-bin-2013.20130620.svn30845-22.8.2

texlive-pstools-bin-2013.20130620.svn30088-22.8.2

texlive-ptexenc-devel-1.3.2dev-22.8.2

texlive-seetexk-bin-2013.20130620.svn30088-22.8.2

texlive-splitindex-bin-2013.20130620.svn29688-22.8.2

texlive-tetex-bin-2013.20130620.svn29741-22.8.2

texlive-tex-bin-2013.20130620.svn30088-22.8.2

texlive-tex4ht-bin-2013.20130620.svn30088-22.8.2

texlive-texconfig-bin-2013.20130620.svn29741-22.8.2

texlive-thumbpdf-bin-2013.20130620.svn6898-22.8.2

texlive-vlna-bin-2013.20130620.svn30088-22.8.2

texlive-web-bin-2013.20130620.svn30088-22.8.2

texlive-xdvi-bin-2013.20130620.svn30088-22.8.2

texlive-xetex-bin-2013.20130620.svn30845-22.8.2

texlive-xmltex-bin-2013.20130620.svn3006-22.8.2

SUSE Linux Enterprise Software Development Kit 12 SP5

libptexenc1-1.3.2dev-22.8.2

texlive-2013.20130620-22.8.2

texlive-bibtex-bin-2013.20130620.svn30088-22.8.2

texlive-bin-devel-2013.20130620-22.8.2

texlive-checkcites-bin-2013.20130620.svn25623-22.8.2

texlive-collection-basic-2013.74.svn30372-16.12.1

texlive-collection-fontsrecommended-2013.74.svn30307-16.12.1

texlive-collection-htmlxml-2013.74.svn30307-16.12.1

texlive-collection-latex-2013.74.svn30308-16.12.1

texlive-collection-latexrecommended-2013.74.svn30811-16.12.1

texlive-collection-luatex-2013.74.svn30790-16.12.1

texlive-collection-xetex-2013.74.svn30396-16.12.1

texlive-context-bin-2013.20130620.svn29741-22.8.2

texlive-cweb-bin-2013.20130620.svn30088-22.8.2

texlive-devel-2013.74-16.12.1

texlive-dviasm-bin-2013.20130620.svn8329-22.8.2

texlive-dvidvi-bin-2013.20130620.svn30088-22.8.2

texlive-dviljk-bin-2013.20130620.svn30088-22.8.2

texlive-dvipdfmx-bin-2013.20130620.svn30845-22.8.2

texlive-dvipng-bin-2013.20130620.svn30845-22.8.2

texlive-dvips-bin-2013.20130620.svn30088-22.8.2

texlive-dvisvgm-bin-2013.20130620.svn30613-22.8.2

texlive-extratools-2013.74-16.12.1

texlive-filesystem-2013.74-16.12.1

texlive-gsftopk-bin-2013.20130620.svn30088-22.8.2

texlive-jadetex-bin-2013.20130620.svn3006-22.8.2

texlive-kpathsea-bin-2013.20130620.svn30088-22.8.2

texlive-kpathsea-devel-6.2.0dev-22.8.2

texlive-lacheck-bin-2013.20130620.svn30088-22.8.2

texlive-latex-bin-bin-2013.20130620.svn14050-22.8.2

texlive-lua2dox-bin-2013.20130620.svn29053-22.8.2

texlive-luaotfload-bin-2013.20130620.svn30313-22.8.2

texlive-luatex-bin-2013.20130620.svn30845-22.8.2

texlive-makeindex-bin-2013.20130620.svn30088-22.8.2

texlive-metafont-bin-2013.20130620.svn30088-22.8.2

texlive-metapost-bin-2013.20130620.svn30845-22.8.2

texlive-mfware-bin-2013.20130620.svn30088-22.8.2

texlive-mptopdf-bin-2013.20130620.svn18674-22.8.2

texlive-pdftex-bin-2013.20130620.svn30845-22.8.2

texlive-pstools-bin-2013.20130620.svn30088-22.8.2

texlive-ptexenc-devel-1.3.2dev-22.8.2

texlive-seetexk-bin-2013.20130620.svn30088-22.8.2

texlive-splitindex-bin-2013.20130620.svn29688-22.8.2

texlive-tetex-bin-2013.20130620.svn29741-22.8.2

texlive-tex-bin-2013.20130620.svn30088-22.8.2

texlive-tex4ht-bin-2013.20130620.svn30088-22.8.2

texlive-texconfig-bin-2013.20130620.svn29741-22.8.2

texlive-thumbpdf-bin-2013.20130620.svn6898-22.8.2

texlive-vlna-bin-2013.20130620.svn30088-22.8.2

texlive-web-bin-2013.20130620.svn30088-22.8.2

texlive-xdvi-bin-2013.20130620.svn30088-22.8.2

texlive-xetex-bin-2013.20130620.svn30845-22.8.2

texlive-xmltex-bin-2013.20130620.svn3006-22.8.2

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201581-1/
Link for SUSE-SU-2020:1581-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/006915.html
E-Mail link for SUSE-SU-2020:1581-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1138793
SUSE Bug 1138793
https://bugzilla.suse.com/1158910
SUSE Bug 1158910
https://bugzilla.suse.com/1159740
SUSE Bug 1159740
https://www.suse.com/security/cve/CVE-2020-8016/
SUSE CVE CVE-2020-8016 page
https://www.suse.com/security/cve/CVE-2020-8017/
SUSE CVE CVE-2020-8017 page

Описание

A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP4:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server 12 SP5:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP5:libkpathsea6-6.2.0dev-22.8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-8016.html
CVE-2020-8016
https://bugzilla.suse.com/1158910
SUSE Bug 1158910
https://bugzilla.suse.com/1159740
SUSE Bug 1159740

Описание

A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP4:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server 12 SP5:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP4:libkpathsea6-6.2.0dev-22.8.2

SUSE Linux Enterprise Server for SAP Applications 12 SP5:libkpathsea6-6.2.0dev-22.8.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-8017.html
CVE-2020-8017
https://bugzilla.suse.com/1158910
SUSE Bug 1158910
https://bugzilla.suse.com/1159103
SUSE Bug 1159103

SUSE-SU-2020:1581-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

SUSE Linux Enterprise Software Development Kit 12 SP4

SUSE Linux Enterprise Software Development Kit 12 SP5

Ссылки

Уязвимость: CVE-2020-8016

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8017

Описание

Затронутые продукты

Ссылки