openSUSE-SU-2020:0117-1

Опубликовано: 28 янв. 2020

Источник: suse-cvrf

Описание

Security update for sarg

This update for sarg fixes the following issues:

CVE-2019-18932: Fixed insecure usage of /tmp/sarg which potentially allowed privilege escalation or denial of service (boo#1156643).

Список пакетов

openSUSE Leap 15.1

sarg-2.3.10-lp151.3.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/6FENLJBPGJYRWH4TRRWY3B45BZMEUJD2/
E-Mail link for openSUSE-SU-2020:0117-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1156643
SUSE Bug 1156643
https://www.suse.com/security/cve/CVE-2019-18932/
SUSE CVE CVE-2019-18932 page

Описание

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.

Затронутые продукты

openSUSE Leap 15.1:sarg-2.3.10-lp151.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-18932.html
CVE-2019-18932
https://bugzilla.suse.com/1150554
SUSE Bug 1150554
https://bugzilla.suse.com/1156643
SUSE Bug 1156643

openSUSE-SU-2020:0117-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-18932

Описание

Затронутые продукты

Ссылки