Security update for permissions
This update for permissions fixes the following issues:
- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
which could have allowed a squid user to gain persistence by changing the
binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic
links (bsc#1150734).
- Fixed a regression which caused sagmentation fault (bsc#1157198).
This update was imported from the SUSE:SLE-15-SP1:Update update project.
-
Submitted by
Malte Kraus (mkraus)
Fixed bugs
bnc#1157198
New version of Permissions causes core dumps/segmentation faults
bnc#1150734
VUL-0: CVE-2019-3690: permissions: chkstat follows untrusted symbolic links
bnc#1093414
VUL-0: CVE-2019-3688: squid: /usr/sbin/pinger packaged with wrong permission
