Security update for cronie
This update for cronie fixes the following issues:
Security issues fixed:
- CVE-2019-9704: Fixed an insufficient check in the return value of calloc which
could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937).
- CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to
exhaust the memory resulting in Denial of Service (bsc#1128935).
Bug fixes:
- Manual start of cron is possible even when it's already started using systemd (bsc#1133100).
- Cron schedules only one job of crontab (bsc#1130746).
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Kristyna Streitova (kstreitova)
Fixed bugs
bnc#1128937
VUL-1: CVE-2019-9704: cron,cronie: vixie-cron: calloc return value resulting in remote dos
bnc#1128935
VUL-1: CVE-2019-9705: cron,cronie: dos(memory consumption) via a large crontab file
bnc#1130746
Cron schedules only one job of crontab
bnc#1133100
Manual start of cron is possible even when it's already started using systemd
