Overview

File _patchinfo of Package patchinfo.13180

<patchinfo incident="13180">
  <issue tracker="bnc" id="1157198">New version of Permissions causes core dumps/segmentation faults</issue>
  <issue tracker="bnc" id="1093414">VUL-0: CVE-2019-3688: squid: /usr/sbin/pinger packaged with wrong permission</issue>
  <issue tracker="bnc" id="1150734">VUL-0: CVE-2019-3690: permissions: chkstat follows untrusted symbolic links</issue>
  <issue tracker="cve" id="2019-3690"/>
  <issue tracker="cve" id="2019-3688"/>
  <packager>mkraus</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for permissions</summary>
  <description>This update for permissions fixes the following issues:
	  
- CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid
  which could have allowed a squid user to gain persistence by changing the 
  binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic 
  links (bsc#1150734).
- Fixed a regression which caused sagmentation fault (bsc#1157198).
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places