9 matches found
openSUSE Security Update : buildah (openSUSE-2020-2106)
This update for buildah fixes the following issues: buildah was updated to v1.17.0 (bsc1165184): - Handle cases where other tools mount/unmount containers - overlay.MountReadOnly: support RO overlay mounts - overlay: use fusermount for rootless umounts - overlay: fix umount - Switch default log...
Linux: Duplicated user names
Duplicated user names can be created with modify Copyright (C) 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora 29 : rpm (2018-89a3999673)
An unfortunate regression in rpm 4.14.2 causes --setperms to behave incorrectly on symbolic links: file and directory permissions become world-writable and executable on symlink targets. A similar flaw exists in --setugids, but it is less exploitable. If you have used --setperms or --setugids, or...
Fedora 27 : rpm (2018-2c9120d494)
An unfortunate regression in rpm 4.14.2 causes --setperms to behave incorrectly on symbolic links: file and directory permissions become world-writable and executable on symlink targets. A similar flaw exists in --setugids, but it is less exploitable. If you have used --setperms or --setugids, or...
CVE-2018-7408
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...
CVE-2018-7408
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status. It might allow local users to bypass intended filesystem...
Design/Logic Flaw
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations...
CVE-2012-5938
The issue (CVE-2012-5938) affects IBM InfoSphere Information Server versions 8.1, 8.5, 8.7 and 9.1 on UNIX/Linux. During installation, files are created with insufficient permissions/ownership, allowing local users to bypass access restrictions via standard filesystem operations. The IBM Security...
CVE-2005-4772
The CVE-2005-4772 entry concerns liby2util in YaST on SUSE Linux prior to 20051007. The description states that liby2util preserves permissions and ownerships when copying a remote repository, which could allow local users to read or modify sensitive files. The connected SUSE CVE-2005-4772 page c...