The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Synthesis of the vulnerability 


A local attacker can create a symbolic link named /tmp/sarg/denied.int_unsory, in order to alter the pointed file, with privileges of Squid Analysis Report Generator.
Vulnerable systems: openSUSE Leap, SLES.
Severity of this threat: 1/4.
Creation date: 28/01/2020.
Références of this weakness: CVE-2019-18932, openSUSE-SU-2020:0117-1, openSUSE-SU-2020:0140-1, VIGILANCE-VUL-31442.

Description of the vulnerability 


A local attacker can create a symbolic link named /tmp/sarg/denied.int_unsory, in order to alter the pointed file, with privileges of Squid Analysis Report Generator.
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

This security announce impacts software or systems such as openSUSE Leap, SLES.

Our Vigil@nce team determined that the severity of this threat is low.

The trust level is of type confirmed by the editor, with an origin of user shell.

An attacker with a expert ability can exploit this computer vulnerability announce.

Solutions for this threat 


openSUSE Leap 15.1: new sarg packages.
New packages are available:
  openSUSE Leap 15.1: sarg 2.3.10-lp151.3.3.1

SUSE LE 15 SP1: new sarg packages.
New packages are available:
  SUSE LE 15 SP1: sarg 2.3.10-bp151.4.3.1
Full bulletin, software filtering, emails, fixes, … (Request your free trial)

Computer vulnerabilities tracking service 


Vigil@nce provides a computer security database. Each administrator can customize the list of products for which he wants to receive vulnerability alerts.





Source link

Write a comment:
*

Your email address will not be published.