rpm package
suse/permissions&distro=SUSE Linux Enterprise Desktop 12 SP4
pkg:rpm/suse/permissions&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-8013 | — | < 20170707-3.21.1 | 20170707-3.21.1 | Mar 2, 2020 | A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy | ||
| CVE-2019-3690 | — | < 20170707-3.14.1 | 20170707-3.14.1 | Dec 5, 2019 | The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privil | ||
| CVE-2019-3688 | — | < 20170707-3.14.1 | 20170707-3.14.1 | Oct 7, 2019 | The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq |
- CVE-2020-8013Mar 2, 2020affected < 20170707-3.21.1fixed 20170707-3.21.1
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The sy
- CVE-2019-3690Dec 5, 2019affected < 20170707-3.14.1fixed 20170707-3.14.1
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privil
- CVE-2019-3688Oct 7, 2019affected < 20170707-3.14.1fixed 20170707-3.14.1
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker that compromissed the sq