Bugzilla – Full Text Bug Listing

| Summary: | VUL-0: CVE-2019-3684: susemanager: installer creates world-readable swap files | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Malte Kraus <malte.kraus> |
| Component: | Incidents | Assignee: | Julio González Gil <jgonzalez> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Normal | | |
| Priority: | P3 - Medium | CC: | atoptsoglou, matthias.gerstner, security-team |
| Version: | unspecified | Flags: | jgonzalez: needinfo?(matthias.gerstner) |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | reproducer:c0 | | |
| Found By: | --- | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |

Description
Malte Kraus
2019-04-09 09:30:31 UTC
this is CVE-2019-3684

I don't have the slightest idea why this bug ends up with me ... Maybe I'm doing something stupid there, Rüdiger, but 'ibs maintainer SUSE:SLE-12-SP3:Update:Products:Manager32:Update/susemanager' gives me (only) your name.

This is correctly assigned to SUSE Manager, and since I fixed for 4.0 (well, for new installations), I am the right assignee.

Fix for Uyuni (and SUSE Manager) 4.0: https://github.com/uyuni-project/uyuni/pull/965
As soon as it's approved and merged, I will port back to 3.2

SUSE Manager 3.2: https://github.com/SUSE/spacewalk/pull/7802
SUSE Manager 3.1: https://github.com/SUSE/spacewalk/pull/7801

Sorry, SUSE Manager 3.1 is https://github.com/SUSE/spacewalk/pull/7803

All PRs merged. @Security, what's the procedure? I guess closing the issue is on your side, right?

SUSE-RU-2019:1706-1: An update that has 30 recommended fixes can now be installed.
Category: recommended (moderate)
Bug References: 1102819,1117017,1121439,1122680,1123375,1125015,1125090,1128061,1128838,1129079,1130492,1130551,1130784,1131408,1131423,1131704,1131780,1131867,1131929,1131954,1132080,1132103,1132197,1133424,1133523,1133587,1133629,1134195,1134876,1135166
CVE References:
Sources used:
SUSE Manager Server 3.2 (src): release-notes-susemanager-3.2.8-6.32.1
SUSE Manager Proxy 3.2 (src): release-notes-susemanager-proxy-3.2.8-0.16.24.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-RU-2019:1703-1: An update that solves one vulnerability and has 24 fixes is now available.
Category: recommended (moderate)
Bug References: 1117017,1125090,1128061,1128838,1129079,1130492,1130551,1131408,1131423,1131704,1131780,1131867,1131929,1131954,1132080,1132103,1132197,1133424,1133587,1133629,1134195,1134876,1135166,1136029,1136423
CVE References: CVE-2019-3684
Sources used:
SUSE Manager Server 3.2 (src): cobbler-2.6.6-6.19.1, py26-compat-salt-2016.11.10-6.26.1, salt-netapi-client-0.16.0-4.11.1, spacewalk-backend-2.8.57.16-3.30.1, spacewalk-certs-tools-2.8.8.10-3.11.1, spacewalk-config-2.8.5.7-3.16.1, spacewalk-java-2.8.78.22-3.32.1, spacewalk-web-2.8.7.16-3.27.1, susemanager-3.2.18-3.25.2, susemanager-docs_en-3.2-11.26.1, susemanager-schema-3.2.19-3.25.1, susemanager-sls-3.2.25-3.29.1, susemanager-sync-data-3.2.15-3.23.1
SUSE Manager Proxy 3.2 (src): rhncfg-5.10.122.3-3.3.1, spacewalk-backend-2.8.57.16-3.30.1, spacewalk-certs-tools-2.8.8.10-3.11.1, spacewalk-proxy-2.8.5.5-3.6.2, spacewalk-proxy-installer-2.8.6.6-3.12.1, spacewalk-web-2.8.7.16-3.27.1, zypp-plugin-spacewalk-1.0.5-3.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

SUSE-SU-2019:1703-1: An update that solves one vulnerability and has 24 fixes is now available.
Category: security (moderate)
Bug References: 1117017,1125090,1128061,1128838,1129079,1130492,1130551,1131423,1131704,1131780,1131867,1131929,1131954,1132103,1132197,1133424,1133587,1133629,1134195,1134876,1135166,1136029,1136102,1136250,1136423
CVE References: CVE-2019-3684
Sources used:
SUSE Manager Server 3.2 (src): cobbler-2.6.6-6.19.1, py26-compat-salt-2016.11.10-6.26.1, salt-netapi-client-0.16.0-4.11.1, spacewalk-backend-2.8.57.16-3.30.1, spacewalk-certs-tools-2.8.8.10-3.11.1, spacewalk-config-2.8.5.7-3.16.1, spacewalk-java-2.8.78.22-3.32.1, spacewalk-web-2.8.7.16-3.27.1, susemanager-3.2.18-3.25.2, susemanager-docs_en-3.2-11.26.1, susemanager-schema-3.2.19-3.25.1, susemanager-sls-3.2.25-3.29.1, susemanager-sync-data-3.2.15-3.23.1
SUSE Manager Proxy 3.2 (src): rhncfg-5.10.122.3-3.3.1, spacewalk-backend-2.8.57.16-3.30.1, spacewalk-certs-tools-2.8.8.10-3.11.1, spacewalk-proxy-2.8.5.5-3.6.2, spacewalk-proxy-installer-2.8.6.6-3.12.1, spacewalk-web-2.8.7.16-3.27.1, zypp-plugin-spacewalk-1.0.5-3.7.1
NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.

I guess this can be closed already?
- 3.1: Despite I merged the PR, EoL was near and it came before we did another MU.
- 3.2: released
- 4.0: Fix was part of GM.

done
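
A check an administrator could run for the condition named in this bug's summary, world-readable swap files. This is an added example, not code from the bug report or from SUSE Manager; the function name `audit_swap_perms` and the `INSECURE` output format are made up here, and it assumes GNU `stat` and swap paths without whitespace.

```shell
#!/bin/sh
# Added example: report file-backed swap areas that group or others can access.
# Input is a table in /proc/swaps format (default: the live /proc/swaps).
# Assumptions: GNU stat is available; swap paths contain no whitespace.
audit_swap_perms() {
    table="${1:-/proc/swaps}"
    # Skip the header line; columns are: Filename Type Size Used Priority.
    tail -n +2 "$table" | while read -r path type _rest; do
        # Only file-backed swap is relevant; partitions are device nodes.
        [ "$type" = "file" ] || continue
        # An entry whose backing file is gone cannot be inspected.
        [ -e "$path" ] || continue
        mode=$(stat -c '%a' "$path") || continue
        # Any bit set in 077 grants group/other access; 600 is the expected mode.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            printf 'INSECURE %s mode=%s\n' "$path" "$mode"
        fi
    done
}

# Check the running system when the kernel exposes the swap table.
if [ -r /proc/swaps ]; then
    audit_swap_perms
fi
```

Swap contents can include memory pages of any process, so every reported file should be set to mode 600 and owned by root. Files that were readable while in use may already have been copied, which a later `chmod` does not undo.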