Lucene search

K
suseSuseOPENSUSE-SU-2019:2672-1
HistoryDec 11, 2019 - 12:00 a.m.

Security update for permissions (moderate)

2019-12-1100:00:00
lists.opensuse.org
48

EPSS

0.001

Percentile

30.6%

An update that solves two vulnerabilities and has one
errata is now available.

Description:

This update for permissions fixes the following issues:

  • CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
    which could have allowed a squid user to gain persistence by changing
    the binary (bsc#1093414).
  • CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic
    links (bsc#1150734).
  • Fixed a regression which caused sagmentation fault (bsc#1157198).

This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.1:

    zypper in -t patch openSUSE-2019-2672=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.1i586< - openSUSE Leap 15.1 (i586 x86_64):- openSUSE Leap 15.1 (i586 x86_64):.i586.rpm
openSUSE Leap15.1x86_64< - openSUSE Leap 15.1 (i586 x86_64):- openSUSE Leap 15.1 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.1noarch< - openSUSE Leap 15.1 (noarch):- openSUSE Leap 15.1 (noarch):.noarch.rpm

EPSS

0.001

Percentile

30.6%