Bugzilla – Bug 1016886
VUL-0: CVE-2016-1242: tryton,trytond: admin user able to access all files on system
Last modified: 2017-01-15 18:55:56 UTC
file_open in Tryton before 3.2.17, 3.4.x before 3.4.14, 3.6.x before 3.6.12, 3.8.x before 3.8.8, and 4.x before 4.0.4 allows remote authenticated users with certain permissions to read arbitrary files via the name parameter or unspecified other vectors.

https://build.opensuse.org/request/show/447339
https://build.opensuse.org/request/show/447340

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1374220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1242
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-1242.html
http://www.debian.org/security/2016/dsa-3656
https://bugs.tryton.org/issue5808
bugbot adjusting priority
openSUSE-SU-2017:0009-1: An update that solves two vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 1016817,1016885,1016886
CVE References: CVE-2016-1241,CVE-2016-1242
Sources used:
openSUSE Leap 42.2 (src): gnuhealth-3.0.5-3.1, proteus-3.8.5-3.1, tryton-3.8.12-3.1, trytond-3.8.9-4.1, trytond_account-3.8.5-3.1, trytond_account_invoice-3.8.4-3.1, trytond_stock-3.8.4-3.1, trytond_stock_lot-3.8.1-3.1
Update in Leap:42.2:Updates