Oval Definition: oval:org.opensuse.security:def:201918932
Revision Date: 2021-10-24
Version: 1
Title: CVE-2019-18932
Description:

log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create the directory, and place symlinks in it (after winning a /tmp/sarg/denied.int_unsort race condition). The outcome will be corrupted or newly created files in privileged file system locations.
Family: unix
Class: vulnerability
Status:
Reference(s): CVE-2019-18932
openSUSE-SU-2020:0117-1
openSUSE-SU-2020:0140-1
Mitre CVE-2019-18932
SUSE CVE-2019-18932
Platform(s): openSUSE Leap 15.1
SUSE Linux Enterprise High Performance Computing 15 SP1
SUSE Linux Enterprise Server 15 SP1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
SUSE Linux Enterprise Storage 6
SUSE Manager Proxy 4.0
SUSE Manager Server 4.0
SUSE Package Hub for SUSE Linux Enterprise 15 SP1
Product(s):
Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • sarg-2.3.10-lp151.3.3.1 is installed
  • AND sarg is signed with openSUSE key
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 SP1 is installed
  • AND sarg-2.3.10-bp151.4.3.1 is installed