Oval Definition:oval:org.opensuse.security:def:59993
Revision Date:2020-12-01Version:1
Title:Security update for permissions (Moderate)
Description:

This update for permissions fixes the following issues:

- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198).
Family:unixClass:patch
Status:Reference(s):1012382
1015336
1015337
1015340
1019683
1019695
1020413
1020645
1023175
1027260
1027457
1031492
1042286
1043083
1046264
1047487
1048916
1050549
1065600
1066223
1068032
1070805
1072947
1078355
1078662
1079935
1080740
1084300
1086095
1086423
1086652
1091405
1093158
1093414
1094244
1094823
1094973
1096242
1096281
1099523
1099810
1100105
1101557
1102439
1102660
1102875
1102877
1102879
1102882
1102896
1103097
1103156
1103257
1103624
1104098
1104731
1105428
1106061
1106105
1106237
1106240
1106383
1106929
1106989
1106996
1107385
1107609
1107866
1108145
1108240
1109272
1109330
1109695
1109806
1110286
1111062
1111174
1111809
1112142
1112143
1112144
1112146
1112147
1112148
1112152
1112153
1112246
1112963
1113412
1113766
1114190
1114417
1114475
1114648
1114763
1114839
1114871
1114893
1115431
1115433
1115440
1115482
1115709
1116027
1116183
1116285
1116336
1116345
1116497
1116653
1116841
1116924
1116950
1116962
1117108
1117162
1117165
1117186
1117562
1117645
1117744
1118152
1118316
1118319
1118505
1118790
1118798
1118915
1118922
1118926
1118930
1118936
1119204
1119680
1119714
1119877
1119946
1119967
1119970
1120017
1120046
1120381
1120722
1120743
1120758
1120902
1120950
1121239
1121240
1121241
1121242
1121275
1121621
1121726
1122033
1122650
1122651
1122779
1122885
1123321
1123323
1123357
1123933
1124166
1124365
1124366
1124368
1124728
1124732
1124735
1124775
1124777
1124780
1124811
1124937
1125000
1125014
1125446
1125794
1125796
1125808
1125809
1125810
1125892
1128649
1129271
1129272
1130330
1131317
1132053
1132054
1132060
1133495
1139459
1150734
1151377
1151506
1152107
1154043
1154609
1155574
1156482
1157198
1159814
1160467
1160468
1162108
1171252
1171254
1173477
1173691
1173694
1173700
1173701
1173743
1173798
1173874
1173875
1173876
1173880
1174205
1174757
1175691
1176069
985031
CVE-2009-0945
CVE-2011-3193
CVE-2011-3630
CVE-2011-3631
CVE-2011-3632
CVE-2011-3922
CVE-2012-4929
CVE-2012-6093
CVE-2013-0254
CVE-2013-4549
CVE-2014-0190
CVE-2015-0295
CVE-2015-1858
CVE-2015-1859
CVE-2015-1860
CVE-2017-18922
CVE-2018-1120
CVE-2018-13785
CVE-2018-16412
CVE-2018-16413
CVE-2018-16435
CVE-2018-16644
CVE-2018-16862
CVE-2018-16884
CVE-2018-19407
CVE-2018-19824
CVE-2018-19985
CVE-2018-20169
CVE-2018-20467
CVE-2018-21247
CVE-2018-3136
CVE-2018-3139
CVE-2018-3149
CVE-2018-3169
CVE-2018-3180
CVE-2018-3183
CVE-2018-3214
CVE-2018-5391
CVE-2018-7738
CVE-2018-9568
CVE-2019-10650
CVE-2019-11007
CVE-2019-11008
CVE-2019-11009
CVE-2019-14896
CVE-2019-14897
CVE-2019-16746
CVE-2019-18197
CVE-2019-20839
CVE-2019-20840
CVE-2019-3459
CVE-2019-3460
CVE-2019-3688
CVE-2019-3688
CVE-2019-3690
CVE-2019-3690
CVE-2019-5418
CVE-2019-5419
CVE-2019-6212
CVE-2019-6215
CVE-2019-6216
CVE-2019-6217
CVE-2019-6226
CVE-2019-6227
CVE-2019-6229
CVE-2019-6233
CVE-2019-6234
CVE-2019-6974
CVE-2019-7175
CVE-2019-7221
CVE-2019-7222
CVE-2019-7395
CVE-2019-7397
CVE-2019-7398
CVE-2019-9956
CVE-2020-12653
CVE-2020-12654
CVE-2020-14314
CVE-2020-14331
CVE-2020-14386
CVE-2020-14397
CVE-2020-14398
CVE-2020-14399
CVE-2020-14400
CVE-2020-14401
CVE-2020-14402
CVE-2020-14403
CVE-2020-14404
CVE-2020-16166
CVE-2020-1712
SUSE-SU-2018:2071-1
SUSE-SU-2019:0057-1
SUSE-SU-2019:0541-1
SUSE-SU-2019:0915-1
SUSE-SU-2019:1033-1
SUSE-SU-2019:3180-1
SUSE-SU-2020:0331-1
SUSE-SU-2020:2167-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • libthunarx-2-0-1.6.14-lp150.1 is installed
  • OR thunar-1.6.14-lp150.1 is installed
  • OR thunar-lang-1.6.14-lp150.1 is installed
  • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • update-test-32bit-pkg-5.1-lp151.12 is installed
  • OR update-test-affects-package-manager-5.1-lp151.12 is installed
  • OR update-test-broken-5.1-lp151.12 is installed
  • OR update-test-feature-5.1-lp151.12 is installed
  • OR update-test-interactive-5.1-lp151.12 is installed
  • OR update-test-optional-5.1-lp151.12 is installed
  • OR update-test-reboot-needed-5.1-lp151.12 is installed
  • OR update-test-relogin-suggested-5.1-lp151.12 is installed
  • OR update-test-security-5.1-lp151.12 is installed
  • OR update-test-trivial-5.1-lp151.12 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND permissions-2015.09.28.1626-17.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND hardlink-1.0-6 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.24.4-2.47 is installed
  • OR libwebkit2gtk-4_0-37-2.24.4-2.47 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.24.4-2.47 is installed
  • OR typelib-1_0-WebKit2-4_0-2.24.4-2.47 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.24.4-2.47 is installed
  • OR webkit2gtk3-2.24.4-2.47 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • libjavascriptcoregtk-4_0-18-2.28.2-2.53 is installed
  • OR libwebkit2gtk-4_0-37-2.28.2-2.53 is installed
  • OR libwebkit2gtk3-lang-2.28.2-2.53 is installed
  • OR typelib-1_0-JavaScriptCore-4_0-2.28.2-2.53 is installed
  • OR typelib-1_0-WebKit2-4_0-2.28.2-2.53 is installed
  • OR webkit2gtk-4_0-injected-bundles-2.28.2-2.53 is installed
  • OR webkit2gtk3-2.28.2-2.53 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND permissions-2015.09.28.1626-17.20 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND tcpdump-4.9.2-14.8 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • avahi-0.6.32-30 is installed
  • OR avahi-lang-0.6.32-30 is installed
  • OR avahi-utils-0.6.32-30 is installed
  • OR libavahi-client3-0.6.32-30 is installed
  • OR libavahi-client3-32bit-0.6.32-30 is installed
  • OR libavahi-common3-0.6.32-30 is installed
  • OR libavahi-common3-32bit-0.6.32-30 is installed
  • OR libavahi-core7-0.6.32-30 is installed
  • OR libdns_sd-0.6.32-30 is installed
  • OR libdns_sd-32bit-0.6.32-30 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • LibVNCServer-0.9.9-17.31 is installed
  • OR libvncclient0-0.9.9-17.31 is installed
  • OR libvncserver0-0.9.9-17.31 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND Package Information
  • dovecot22-2.2.31-19.22 is installed
  • OR dovecot22-backend-mysql-2.2.31-19.22 is installed
  • OR dovecot22-backend-pgsql-2.2.31-19.22 is installed
  • OR dovecot22-backend-sqlite-2.2.31-19.22 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • ruby2.1-rubygem-actionpack-4_2-4.2.9-7.6 is installed
  • OR rubygem-actionpack-4_2-4.2.9-7.6 is installed
  • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • xorg-x11-server-1.19.6-4.11 is installed
  • OR xorg-x11-server-extra-1.19.6-4.11 is installed
  • BACK