SUSE-SU-2020:0547-1

See a problem?
Please try reporting it to the source first.

Source

https://www.suse.com/support/update/announcement/2020/suse-su-20200547-1/

Import Source

https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0547-1.json

JSON Data

https://api.osv.dev/v1/vulns/SUSE-SU-2020:0547-1

Upstream

CVE-2019-3687

CVE-2020-8013

Related

CVE-2019-3687
CVE-2020-8013

Published

2020-02-28T15:26:24Z

Modified

2026-02-04T03:09:09.923354Z

Summary

Security update for permissions

Details

This update for permissions fixes the following issues:

Security issues fixed:

CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788)
CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594).
Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

References

Affected packages

SUSE:Linux Enterprise Module for Basesystem 15 SP1 / permissions

Package

Name: permissions
Purl: pkg:rpm/suse/permissions&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20181116-9.23.1

Ecosystem specific

{
    "binaries": [
        {
            "permissions-zypp-plugin": "20181116-9.23.1",
            "permissions": "20181116-9.23.1"
        }
    ]
}

Database specific

source

"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0547-1.json"