SUSE: 2019:3183-1 Moderate: Security Update for Permissions Issues
suse
December 5, 2019
An update that solves two vulnerabilities and has three fixes is now available
Summary
This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). Other issue addressed: - Corrected a badly constracted file which could have allowed treating of the shell environment as permissions files (bsc#1097665,bsc#1047247). - Fixed a regression which caused sagmentation fault (bsc#1157198). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:
References
#1047247 #1093414 #1097665 #1150734 #1157198
Cross- CVE-2019-3688 CVE-2019-3690
Affected Products:
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server 12-SP4
SUSE Linux Enterprise Desktop 12-SP4
https://www.suse.com/security/cve/CVE-2019-3688.html
https://www.suse.com/security/cve/CVE-2019-3690.html
https://bugzilla.suse.com/1047247
https://bugzilla.suse.com/1093414
https://bugzilla.suse.com/1097665
https://bugzilla.suse.com/1150734
https://bugzilla.suse.com/1157198
PREVIOUS
NEXT
Announcement ID: SUSE-SU-2019:3183-1
Rating: moderate
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!