Описание
Security update for trousers
This update for trousers fixes the following issues:
- CVE-2020-24330: Fixed a potential tss user to root privilege escalation issue (bsc#1164472).
Список пакетов
SUSE Linux Enterprise Server 12 SP2-BCL
libtspi1-0.3.13-3.3.1
libtspi1-32bit-0.3.13-3.3.1
trousers-0.3.13-3.3.1
Ссылки
- Link for SUSE-SU-2022:2800-1
- E-Mail link for SUSE-SU-2022:2800-1
- SUSE Security Ratings
- SUSE Bug 1164472
- SUSE CVE CVE-2020-24330 page
Описание
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:libtspi1-0.3.13-3.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:libtspi1-32bit-0.3.13-3.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:trousers-0.3.13-3.3.1
Ссылки
- CVE-2020-24330
- SUSE Bug 1164472