SUSE: 2019:0480-1 Important Update for Supportutils Security Issues

suse

February 25, 2019

An update that solves four vulnerabilities and has 9 fixes is now available

Summary

This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). Other issues fixed: - Fixed invalid exit code commands (bsc#1125666). - Included additional SUSE separation (bsc#1125609). - Merged added listing of locked packes by zypper. - Exclude pam.txt per GDPR by default (bsc#1112461). - Clarified -x functionality in supportconfig(8) (bsc#1115245). - udev service and provide the whole journal content in supportconfig

Topics Covered

security advisory security issue important system update supportutils

References

#1043311 #1046681 #1051797 #1071545 #1105849

#1112461 #1115245 #1117776 #1118460 #1118462

#1118463 #1125609 #1125666

Cross- CVE-2018-19637 CVE-2018-19638 CVE-2018-19639

CVE-2018-19640

Affected Products:

SUSE Linux Enterprise Module for Basesystem 15

https://www.suse.com/security/cve/CVE-2018-19637.html

https://www.suse.com/security/cve/CVE-2018-19638.html

https://www.suse.com/security/cve/CVE-2018-19639.html

https://www.suse.com/security/cve/CVE-2018-19640.html

https://bugzilla.suse.com/1043311

https://bugzilla.suse.com/1046681

https://bugzilla.suse.com/1051797

https://bugzilla.suse.com/1071545

https://bugzilla.suse.com/1105849

https://bugzilla.suse.com/1112461

https://bugzilla.suse.com/1115245

https://bugzilla.suse.com/1117776

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2019:0480-1

Rating: important

Topics Covered

security advisory security issue important system update supportutils

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:0480-1 Important Update for Supportutils Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:0480-1 Important Update for Supportutils Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!