File _patchinfo of Package patchinfo.6858

<patchinfo incident="6858">
  <issue id="1043463" tracker="bnc">VUL-0: CVE-2017-8108: lynis: arbitrary file overwrite and privilege escalation via symlink attack</issue>
  <issue id="2017-8108" tracker="cve" />
  <category>security</category>
  <rating>moderate</rating>
  <packager>AndreasStieger</packager>
  <description>This update for lynis fixes the following issues:

Lynis 2.5.1:

  * Improved detection of SSL certificate files
  * Minor changes to improve logging and results
  * Firewall tests: Determine if CSF is in testing mode

The update also includes changes from Lynis 2.5.0:

  * CVE-2017-8108: symlink attack may have allowed arbitrary file
    overwrite or privilege escalation (boo#1043463)
  * Deleted unused tests from database file
  * Additional sysctls are tested
  * Extended test with Symantec components
  * Snort detection
  * Snort configuration file

The update also includes Lynis 2.4.8 (Changelog from 2.4.1)

  * More PHP paths added
  * Minor changes to text
  * Show atomic test in report
  * Added FileInstalledByPackage function (dpkg and rpm supported)
  * Mark Arch Linux version as rolling release (instead of unknown)
  * Support for Manjaro Linux
  * Escape files when testing if they are readable
  * Code cleanups
  * Allow host alias to be specified in profile
  * Code readability enhancements
  * Solaris support has been improved
  * Fix for upload function to be used from profile
  * Reduce screen output for mail section, unless --verbose is used
  * Code cleanups and removed 'update release' command
  * Colored output can now be tuned with profile (colors=yes/no)
  * Allow data upload to be set as a profile option
  * Properly detect SSH daemon version
  * Generic code improvements
  * Improved the update check and display
  * Finnish, Portuguese, and Turkish translation
  * Extended support and tests for DragonFlyBSD
  * Option to configure hostid and hostid2 in profile
  * Support for Trend Micro and Cylance (macOS)
  * Remove comments at end of nginx configuration
  * Used machine ID to create host ID when no SSH keys are available
  * Added detection of iptables-save to binaries

And Lynis 2.4.0:

  * Mainly improved support for macOS users
  * Support for CoreOS
  * Support for clamconf utility
  * Support for Chinese translation
  * More sysctl values in the default profile
  * New commands: "upload-only", "show hostids", "show environment", "show os"
</description>
  <summary>Security update for lynis</summary>
</patchinfo>