Insecure Inherited Permissions

Overview Affected versions of this package are vulnerable to Insecure Inherited Permissions in the LookupResources API. An attacker can cause incomplete or missing results to be returned by crafting schemas that define permissions using unions referencing the same relation with different...

SpiceDB checks involving relations with caveats can result in no permission when permission is expected

Impact On schemas involving arrows with caveats on the arrow’ed relation, when the path to resolve a CheckPermission request involves the evaluation of multiple caveated branches, requests may return a negative response when a positive response is expected. For example, given this schema:...

Improper Validation of Array Index

Overview Affected versions of this package are vulnerable to Improper Validation of Array Index through the fiber.Ctx.BodyParser method that panics when trying to parse a negative range index. An attacker can cause the server to crash by sending a specially crafted payload with a negative index f...

SUSE-SU-2020:0670-1 Recommended update for SUSE Manager Server 3.2

This update fixes the following issues: spacewalk-setup: - Create AJP connector for tomcat if it does not exist bsc1165927, bsc1166388 How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the patch using either...