Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Linux Enterprise 15: 2020:0357-1 Important: pcp Local Escalation

suse
Calendar Grey February 7, 2020
Dist Suse Esm H88
SUSE releases a critical security patch for pcp tackling vulnerabilities that could lead to local privilege escalation and resolve dependency-related problems.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for pcp fixes the following issues: Security issue fixed: - CVE-2019-3696: Fixed a local privilege escalation in migrate_tempdirs() (bsc#1153921). - CVE-2019-3695: Fixed a local privilege escalation of the pcp user during package update (bsc#1152763). Non-security issue fixed: - Fixed an dependency issue with pcp2csv (bsc#1129991). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-357=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2020-357=1

Topics%20covered

Topics Covered

security advisory local privilege escalation important SUSE Linux Enterprise pcp

References

#1129991 #1152763 #1153921

Cross- CVE-2019-3695 CVE-2019-3696

Affected Products:

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1

SUSE Linux Enterprise Module for Open Buildservice Development Tools 15

SUSE Linux Enterprise Module for Development Tools 15

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

https://www.suse.com/security/cve/CVE-2019-3695.html

https://www.suse.com/security/cve/CVE-2019-3696.html

https://bugzilla.suse.com/1129991

https://bugzilla.suse.com/1152763

https://bugzilla.suse.com/1153921

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0357-1
Rating: important

Topics%20covered

Topics Covered

security advisory local privilege escalation important SUSE Linux Enterprise pcp

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here