| Revision Date: | 2019-04-30 | Version: | 1 |
| Title: | Security update for hostinfo, supportutils (Important) |
| Description: |
This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils:
- CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751).
Other issues fixed for supportutils:
- Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info
Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979)
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1054979
1099498
1115245
1117751
1117776
1118460
1118462
1118463
1125623
1125666
CVE-2018-19636
CVE-2018-19637
CVE-2018-19638
CVE-2018-19639
CVE-2018-19640
|
| Platform(s): | SUSE Linux Enterprise Server 12 SP3-TERADATA
| Product(s): | |
| Definition Synopsis |
| SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information
hostinfo-1.0.1-19.5.1 is installed
OR supportutils-3.0-95.21.1 is installed
|