Описание
Security update for smb4k
This update for smb4k fixes the following issues:
- Disabled dbus service and polkit rules, because this version of smb4k has a local root exploit issue (boo#1036245, CVE-2017-8849). Automatic mounting will no longer be possible to work around this security issue.
Список пакетов
openSUSE Leap 42.2
smb4k-1.2.1-3.3.1
smb4k-doc-1.2.1-3.3.1
smb4k-lang-1.2.1-3.3.1
Ссылки
- E-Mail link for openSUSE-SU-2017:1343-1
- SUSE Security Ratings
Описание
smb4k before 2.0.1 allows local users to gain root privileges by leveraging failure to verify arguments to the mount helper DBUS service.
Затронутые продукты
openSUSE Leap 42.2:smb4k-1.2.1-3.3.1
openSUSE Leap 42.2:smb4k-doc-1.2.1-3.3.1
openSUSE Leap 42.2:smb4k-lang-1.2.1-3.3.1
Ссылки
- CVE-2017-8849
- SUSE Bug 1033300
- SUSE Bug 1036245
- SUSE Bug 1041511
- SUSE Bug 749065
- SUSE Bug 869959