Description
Security update for nfs-utils
This update for nfs-utils fixes the following issues:
- CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Package list
openSUSE Leap 15.1
nfs-client-2.1.1-lp151.7.3.1
nfs-doc-2.1.1-lp151.7.3.1
nfs-kernel-server-2.1.1-lp151.7.3.1
References
- E-Mail link for openSUSE-SU-2019:2435-1
- SUSE Security Ratings
- SUSE Bug 1150733
- SUSE CVE CVE-2019-3689 page
Description
In the nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2, the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating or overwriting files anywhere on the system.
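A defender's check for the ownership condition described above, as an added example that is not part of the advisory or of nfs-utils: it flags root-owned entries and symlinks inside a directory that a non-root account controls. The uid 478 standing in for statd and the entry names in the sample tree are constructed for illustration.

```python
import os
import stat
from types import SimpleNamespace


def audit_dir(path, lstat=os.lstat, listdir=os.listdir):
    """Return (path, reason) pairs for entries that a non-root party
    controlling `path` could rename, delete or replace."""
    d = lstat(path)
    # Group/other write access without the sticky bit also gives control.
    loose = bool(d.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) and not d.st_mode & stat.S_ISVTX
    if d.st_uid == 0 and not loose:
        return []  # only root can change this directory's entries
    who = f"uid {d.st_uid}" if d.st_uid != 0 else "group/other writers"
    findings = []
    for name in sorted(listdir(path)):
        entry = os.path.join(path, name)
        e = lstat(entry)  # lstat inspects the link itself, never its target
        if stat.S_ISLNK(e.st_mode):
            findings.append((entry, f"symlink in directory controlled by {who}"))
        elif e.st_uid == 0:
            findings.append((entry, f"root-owned entry replaceable by {who}"))
    return findings


# Constructed sample tree (not real system output): uid 478 plays statd.
SAMPLE = {
    "/var/lib/nfs": SimpleNamespace(st_uid=478, st_mode=stat.S_IFDIR | 0o755),
    "/var/lib/nfs/etab": SimpleNamespace(st_uid=0, st_mode=stat.S_IFREG | 0o644),
    "/var/lib/nfs/rmtab": SimpleNamespace(st_uid=0, st_mode=stat.S_IFLNK | 0o777),
    "/var/lib/nfs/sm": SimpleNamespace(st_uid=478, st_mode=stat.S_IFDIR | 0o700),
}


def audit_sample(tree=SAMPLE, root="/var/lib/nfs"):
    """Run audit_dir over an in-memory tree instead of the real filesystem."""
    names = [os.path.basename(p) for p in tree if os.path.dirname(p) == root]
    return audit_dir(root, lstat=tree.__getitem__, listdir=lambda _p: names)


if __name__ == "__main__":
    for path, reason in audit_sample():
        print(f"{path}: {reason}")
```

On a live host, call `audit_dir("/var/lib/nfs")` with the default arguments to inspect the real directory.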
Affected products
openSUSE Leap 15.1:nfs-client-2.1.1-lp151.7.3.1
openSUSE Leap 15.1:nfs-doc-2.1.1-lp151.7.3.1
openSUSE Leap 15.1:nfs-kernel-server-2.1.1-lp151.7.3.1
References
- CVE-2019-3689
- SUSE Bug 1150733