Description
Security update for trousers
This update for trousers fixes the following issues:
- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gained ownership of arbitrary files on the system during installation or update of the trousers package (bsc#1157651).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Package list
openSUSE Leap 15.1
libtspi1-0.3.14-lp151.4.3.1
libtspi1-32bit-0.3.14-lp151.4.3.1
trousers-0.3.14-lp151.4.3.1
trousers-devel-0.3.14-lp151.4.3.1
References
- E-Mail link for openSUSE-SU-2020:0015-1
- SUSE Security Ratings
- SUSE Bug 1157651
- SUSE CVE CVE-2019-18898 page
Description
UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1 and openSUSE Factory allowed local attackers to escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1; openSUSE Factory trousers versions prior to 0.3.14-7.1.
Affected products
openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1
openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.3.1
openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1
openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1
References
- CVE-2019-18898
- SUSE Bug 1154062
- SUSE Bug 1157651