4 matches found
SUSE CVE-2022-23563
Tensorflow is an Open Source Machine Learning Framework. In multiple places, TensorFlow uses tempfile.mktemp to create temporary files. While this is acceptable in testing, in utilities and libraries it is dangerous as a different process can create the file between the check for the filename in...
Security update for resource-agents (important)
openSUSE Security Update: Security update for resource-agents Announcement ID: openSUSE-SU-2020:0585-1 Rating: important References: 1021689 1146687 1146690 1146691 1146692 1146766 1146776 1146784 1146785 1146787 Affected Products: openSUSE Leap 15.1 An update that contains security fixes can now...
SUSE-SU-2020:1089-1 Security update for resource-agents
This update for resource-agents fixes the following issues: - Fixed multiple vulnerabilities related to unsafe tempfile usage. bsc1146690 bsc1146691 bsc1146692 bsc1146766 bsc1146776 bsc1146784 bsc1146785 bsc1146787 - Fixed issues where the ocfmon user was created with a default password bsc102168...
tcsh: unsafe tempfile in << redirects
PROBLEM: /tmp echo 'hello world' rootfile /tmp chmod 600 rootfile /tmp ln -s rootfile sh$$ /tmp chown -h 666.666 sh$$ /tmp ls -l rootfile sh$$ -rw------- 1 root root 12 Oct 29 03:55 rootfile lrwxrwxrwx 1 666 666 8 Oct 29 03:56 sh12660 - rootfile /tmp cat BAR ? FOO ? BAR FOO o world /tmp ls -l...