Overview

File _patchinfo of Package patchinfo.18713

<patchinfo incident="18713">
  <issue tracker="bnc" id="1179999">VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh</issue>
  <issue tracker="bnc" id="1182165">AUDIT-FIND: hawk: Limit the filenames of uploaded reports</issue>
  <issue tracker="bnc" id="1182166">VUL-0: EMBARGOED: CVE-2021-25314: hawk: Insecure file permissions</issue>
  <issue tracker="cve" id="2020-35459"/>
  <issue tracker="cve" id="2021-25314"/>
  <packager>dmaiocchi</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for hawk2</summary>
  <description>This update for hawk2 fixes the following issues:

- Update to version 2.6.3:
  * Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459)
  * Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314) 
  * Sanitize filename to contains whitelist of alphanumeric (bsc#1182165)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places