SUSE-SU-2019:3183-1 -- SLES permissionsID: oval:org.secpod.oval:def:89003039 | Date: (C)2021-02-27 (M)2022-10-10 |
Class: PATCH | Family: unix |
This update for permissions fixes the following issues: Security issues fixed: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary . - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links . Other issue addressed: - Corrected a badly constracted file which could have allowed treating of the shell environment as permissions files . - Fixed a regression which caused sagmentation fault .
Platform: |
SUSE Linux Enterprise Server 12 SP5 |
SUSE Linux Enterprise Server 12 SP4 |