Security update for apt-cacher-ng
This update for apt-cacher-ng fixes the following issues:
- CVE-2019-18899: Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703).
- CVE-2020-5202: Fixed an information leak if a local user won a race condition to listen to localhost:3142 (boo#1157706).
This update was imported from the openSUSE:Leap:15.1:Update update project.
- Submitted by Matthias Gerstner (mgerstner)
Fixed bugs
bnc#1157706
VUL-0: CVE-2020-5202: apt-cacher-ng: acngtool uses localhost connection instead of socket by default
bnc#1157703
VUL-0: CVE-2019-18899: apt-cacher-ng: apt-cacher-ng runs as root, insecure use of /run/apt-cacher-ng