openSUSE-SU-2016:1723-1

Опубликовано: 01 июл. 2016

Источник: suse-cvrf

Описание

Security update for kinit

kinit was updated to fix one security issue.

This security issue was fixed:

CVE-2016-3100: World readable Xauthority file exposed cookie credentials (boo#983926).

Список пакетов

openSUSE Leap 42.1

kinit-5.21.0-15.1

kinit-32bit-5.21.0-15.1

kinit-devel-5.21.0-15.1

kinit-lang-5.21.0-15.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-07/msg00001.html
E-Mail link for openSUSE-SU-2016:1723-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

kinit in KDE Frameworks before 5.23.0 uses weak permissions (644) for /tmp/xauth-xxx-_y, which allows local users to obtain X11 cookies of other users and consequently capture keystrokes and possibly gain privileges by reading the file.

Затронутые продукты

openSUSE Leap 42.1:kinit-32bit-5.21.0-15.1

openSUSE Leap 42.1:kinit-5.21.0-15.1

openSUSE Leap 42.1:kinit-devel-5.21.0-15.1

openSUSE Leap 42.1:kinit-lang-5.21.0-15.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-3100.html
CVE-2016-3100
https://bugzilla.suse.com/983926
SUSE Bug 983926

openSUSE-SU-2016:1723-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-3100

Описание

Затронутые продукты

Ссылки