OVAL Reference oval:org.opensuse.security:def:56629

Oval Definition:

oval:org.opensuse.security:def:56629

Revision Date:	2020-12-01	Version:	1
Title:	Security update for rpm (Moderate)
Description:	This update for rpm fixes the following issues: These security issues were fixed: - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457). - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457) This non-security issue was fixed: - Use ksym-provides tool [bsc#1077692]
Family:	unix	Class:	patch
Status:		Reference(s):	1035442 1042948 1049373 1051412 1052252 1052311 1052368 1052771 1058082 1061081 1068032 1070158 1070159 1070160 1070163 1072902 1074122 1074425 1074562 1074610 1076116 1076180 1077692 1080635 1080662 1086909 1090192 1090343 1090849 1094448 1095218 1095219 1095603 1096985 1102682 1102920 1107832 1138461 1145092 1145559 1149496 1171252 1171254 928193 943457 951734 951735 954102 954429 956018 956021 956260 957105 957106 957107 957109 957110 959277 CVE-2013-1989 CVE-2013-2066 CVE-2015-1819 CVE-2015-5312 CVE-2015-7201 CVE-2015-7202 CVE-2015-7205 CVE-2015-7210 CVE-2015-7212 CVE-2015-7213 CVE-2015-7214 CVE-2015-7222 CVE-2015-7497 CVE-2015-7498 CVE-2015-7499 CVE-2015-7500 CVE-2015-7941 CVE-2015-7942 CVE-2015-8035 CVE-2015-8241 CVE-2015-8242 CVE-2015-8317 CVE-2017-1000112 CVE-2017-1000445 CVE-2017-1000476 CVE-2017-11449 CVE-2017-11751 CVE-2017-12430 CVE-2017-12642 CVE-2017-14249 CVE-2017-15595 CVE-2017-17563 CVE-2017-17564 CVE-2017-17565 CVE-2017-17566 CVE-2017-17680 CVE-2017-17882 CVE-2017-18030 CVE-2017-5715 CVE-2017-5753 CVE-2017-5754 CVE-2017-7500 CVE-2017-7501 CVE-2017-9409 CVE-2018-11233 CVE-2018-11235 CVE-2018-12099 CVE-2018-1288 CVE-2018-14633 CVE-2018-3817 CVE-2018-5390 CVE-2018-5683 CVE-2019-10208 CVE-2019-11500 CVE-2019-12855 CVE-2019-5482 CVE-2020-12653 CVE-2020-12654 SUSE-SU-2015:2335-1 SUSE-SU-2016:0049-1 SUSE-SU-2016:0228-1 SUSE-SU-2017:2440-1 SUSE-SU-2018:0055-1 SUSE-SU-2018:0609-1 SUSE-SU-2018:2536-1 SUSE-SU-2018:3286-1 SUSE-SU-2018:3328-1 SUSE-SU-2019:2158-1 SUSE-SU-2019:2339-2 SUSE-SU-2019:2453-1 SUSE-SU-2019:2454-1 SUSE-SU-2020:1475-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information gnome-online-accounts-3.26.2-lp150.3 is installed OR gnome-online-accounts-lang-3.26.2-lp150.3 is installed OR libgoa-1_0-0-3.26.2-lp150.3 is installed OR libgoa-backend-1_0-1-3.26.2-lp150.3 is installed OR typelib-1_0-Goa-1_0-3.26.2-lp150.3 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND Package Information libxslt-1.1.32-lp151.3.3 is installed OR libxslt-devel-1.1.32-lp151.3.3 is installed OR libxslt-devel-32bit-1.1.32-lp151.3.3 is installed OR libxslt-python-1.1.32-lp151.3.3 is installed OR libxslt-tools-1.1.32-lp151.3.3 is installed OR libxslt1-1.1.32-lp151.3.3 is installed OR libxslt1-32bit-1.1.32-lp151.3.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information rpm-4.11.2-16.16 is installed OR rpm-32bit-4.11.2-16.16 is installed OR rpm-build-4.11.2-16.16 is installed OR rpm-python-4.11.2-16.16 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND Package Information MozillaFirefox-38.5.0esr-54 is installed OR MozillaFirefox-translations-38.5.0esr-54 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information kgraft-patch-3_12_69-60_64_32-default-6-2 is installed OR kgraft-patch-3_12_69-60_64_32-xen-6-2 is installed OR kgraft-patch-SLE12-SP1_Update_13-6-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND Package Information libXv1-1.0.10-3 is installed OR libXv1-32bit-1.0.10-3 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND Package Information curl-7.37.0-37.23 is installed OR libcurl4-7.37.0-37.23 is installed OR libcurl4-32bit-7.37.0-37.23 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND Package Information kernel-default-4.4.121-92.95 is installed OR kernel-default-base-4.4.121-92.95 is installed OR kernel-default-devel-4.4.121-92.95 is installed OR kernel-devel-4.4.121-92.95 is installed OR kernel-macros-4.4.121-92.95 is installed OR kernel-source-4.4.121-92.95 is installed OR kernel-syms-4.4.121-92.95 is installed OR lttng-modules-2.7.1-9.6 is installed OR lttng-modules-kmp-default-2.7.1_k4.4.121_92.95-9.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information kgraft-patch-4_4_59-92_20-default-12-2 is installed OR kgraft-patch-SLE12-SP2_Update_8-12-2 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information ecryptfs-utils-103-7 is installed OR ecryptfs-utils-32bit-103-7 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information xen-4.9.4_06-3.62 is installed OR xen-doc-html-4.9.4_06-3.62 is installed OR xen-libs-4.9.4_06-3.62 is installed OR xen-libs-32bit-4.9.4_06-3.62 is installed OR xen-tools-4.9.4_06-3.62 is installed OR xen-tools-domU-4.9.4_06-3.62 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information libsystemd0-228-150.82 is installed OR libsystemd0-32bit-228-150.82 is installed OR libudev-devel-228-150.82 is installed OR libudev1-228-150.82 is installed OR libudev1-32bit-228-150.82 is installed OR systemd-228-150.82 is installed OR systemd-32bit-228-150.82 is installed OR systemd-bash-completion-228-150.82 is installed OR systemd-sysvinit-228-150.82 is installed OR udev-228-150.82 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information cracklib-2.9.0-7 is installed OR libcrack2-2.9.0-7 is installed OR libcrack2-32bit-2.9.0-7 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND Package Information git-2.12.3-27.14 is installed OR git-arch-2.12.3-27.14 is installed OR git-core-2.12.3-27.14 is installed OR git-credential-gnome-keyring-2.12.3-27.14 is installed OR git-cvs-2.12.3-27.14 is installed OR git-daemon-2.12.3-27.14 is installed OR git-doc-2.12.3-27.14 is installed OR git-email-2.12.3-27.14 is installed OR git-gui-2.12.3-27.14 is installed OR git-svn-2.12.3-27.14 is installed OR git-web-2.12.3-27.14 is installed OR gitk-2.12.3-27.14 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND Package Information grafana-4.5.1-1.8 is installed OR kafka-0.10.2.2-5 is installed OR logstash-2.4.1-5 is installed OR monasca-installer-20180608_12.47-9 is installed
Definition Synopsis
SUSE OpenStack Cloud Crowbar 8 is installed AND Package Information libgcrypt-1.6.1-16.68 is installed OR libgcrypt20-1.6.1-16.68 is installed OR libgcrypt20-32bit-1.6.1-16.68 is installed OR libgcrypt20-hmac-1.6.1-16.68 is installed OR libgcrypt20-hmac-32bit-1.6.1-16.68 is installed

BACK