Description
Security update for storeBackup
This update for storeBackup fixes the following issues:
- CVE-2020-7040: Fixed a symlink attack which could lead to denial of service (boo#1156767).
Package list
SUSE Package Hub 15
storeBackup-3.5-bp151.4.3.1
SUSE Package Hub 15 SP1
storeBackup-3.5-bp151.4.3.1
openSUSE Leap 15.1
storeBackup-3.5-bp151.4.3.1
References
- E-Mail link for openSUSE-SU-2020:0119-1
- SUSE Security Ratings
- SUSE Bug 1156767
- SUSE CVE CVE-2020-7040 page
Description
storeBackup.pl in storeBackup through 3.5 relies on the /tmp/storeBackup.lock pathname, which allows symlink attacks that possibly lead to privilege escalation. (Local users can also create a plain file named /tmp/storeBackup.lock to block use of storeBackup until an admin manually deletes that file.)
Affected products
SUSE Package Hub 15 SP1:storeBackup-3.5-bp151.4.3.1
SUSE Package Hub 15:storeBackup-3.5-bp151.4.3.1
openSUSE Leap 15.1:storeBackup-3.5-bp151.4.3.1
References
- CVE-2020-7040
- SUSE Bug 1150555
- SUSE Bug 1156767
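The fixed-name lock file in a world-writable directory described for CVE-2020-7040, shown as an added example (not storeBackup's own code and not its actual patch). It contrasts a generic lock-file pattern that follows a planted symlink with an exclusive-create variant; `unsafe_lock`, `safe_lock`, `demo` and the scratch-directory paths are names assumed for illustration.

```python
import os
import tempfile


def unsafe_lock(path):
    """Generic naive pattern: plain open() follows a symlink and truncates its target."""
    with open(path, "w") as fh:
        fh.write(f"{os.getpid()}\n")


def safe_lock(path):
    """Atomically create the lock file and refuse any pre-existing name.

    O_CREAT|O_EXCL fails if the name already exists, including when it is
    a symlink (dangling or not), so the link is never followed.
    """
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{os.getpid()}\n")


def demo():
    """Run both patterns against a symlink planted inside a private scratch directory."""
    results = {}
    with tempfile.TemporaryDirectory() as scratch:
        victim = os.path.join(scratch, "victim.conf")     # constructed sample file
        lock = os.path.join(scratch, "storeBackup.lock")  # stands in for /tmp/storeBackup.lock
        for name, make_lock in (("unsafe", unsafe_lock), ("safe", safe_lock)):
            with open(victim, "w") as fh:
                fh.write("important data\n")
            os.symlink(victim, lock)  # what another local user could pre-create
            try:
                make_lock(lock)
                results[name + "_refused"] = False
            except OSError:
                results[name + "_refused"] = True
            with open(victim) as fh:
                results[name + "_victim_intact"] = fh.read() == "important data\n"
            os.unlink(lock)
    return results


if __name__ == "__main__":
    print(demo())
```

Exclusive creation stops the link from being followed, but a pre-created name still blocks the lock, which is the denial-of-service half of the description; keeping the lock in a directory that only the backup user can write to removes both problems.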