cvelistv5 - CVE-2019-18898

CVE-2019-18898 (GCVE-0-2019-18898)

Vulnerability from cvelistv5

Published

2020-01-23 14:05

Modified

2024-09-16 18:24

Severity ?

7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

CWE

CWE-59 - Improper Link Resolution Before File Access ('Link Following')

Summary

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.

References

URL

opensuse-su-2020:0015-1

Vulnerability from csaf_opensuse

Published

2020-01-13 15:17

Modified

2020-01-13 15:17

Summary

Security update for trousers

Notes

Title of the patch

Security update for trousers

Description of the patch

This update for trousers fixes the following issues: - CVE-2019-18898: Fixed a local symlink attack where a rogue tss user could have gain ownership of arbitrary files in the system during installation/update of the trousers package (bsc#1157651). This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames

openSUSE-2020-15

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for trousers",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for trousers fixes the following issues:\n\n- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user\n  could have gain ownership of arbitrary files in the system during\n  installation/update of the trousers package (bsc#1157651).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-15",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0015-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0015-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5PMK7N3UJLMALKX6JOIZBEP7XJGLLH/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0015-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TJ5PMK7N3UJLMALKX6JOIZBEP7XJGLLH/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157651",
        "url": "https://bugzilla.suse.com/1157651"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18898 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18898/"
      }
    ],
    "title": "Security update for trousers",
    "tracking": {
      "current_release_date": "2020-01-13T15:17:08Z",
      "generator": {
        "date": "2020-01-13T15:17:08Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0015-1",
      "initial_release_date": "2020-01-13T15:17:08Z",
      "revision_history": [
        {
          "date": "2020-01-13T15:17:08Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-lp151.4.3.1.i586",
                "product": {
                  "name": "libtspi1-0.3.14-lp151.4.3.1.i586",
                  "product_id": "libtspi1-0.3.14-lp151.4.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-lp151.4.3.1.i586",
                "product": {
                  "name": "trousers-0.3.14-lp151.4.3.1.i586",
                  "product_id": "trousers-0.3.14-lp151.4.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-lp151.4.3.1.i586",
                "product": {
                  "name": "trousers-devel-0.3.14-lp151.4.3.1.i586",
                  "product_id": "trousers-devel-0.3.14-lp151.4.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-lp151.4.3.1.x86_64",
                "product": {
                  "name": "libtspi1-0.3.14-lp151.4.3.1.x86_64",
                  "product_id": "libtspi1-0.3.14-lp151.4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
                "product": {
                  "name": "libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
                  "product_id": "libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-lp151.4.3.1.x86_64",
                "product": {
                  "name": "trousers-0.3.14-lp151.4.3.1.x86_64",
                  "product_id": "trousers-0.3.14-lp151.4.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-lp151.4.3.1.x86_64",
                "product": {
                  "name": "trousers-devel-0.3.14-lp151.4.3.1.x86_64",
                  "product_id": "trousers-devel-0.3.14-lp151.4.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-lp151.4.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.i586"
        },
        "product_reference": "libtspi1-0.3.14-lp151.4.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.x86_64"
        },
        "product_reference": "libtspi1-0.3.14-lp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64"
        },
        "product_reference": "libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-lp151.4.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.i586"
        },
        "product_reference": "trousers-0.3.14-lp151.4.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.x86_64"
        },
        "product_reference": "trousers-0.3.14-lp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-lp151.4.3.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.i586"
        },
        "product_reference": "trousers-devel-0.3.14-lp151.4.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.x86_64"
        },
        "product_reference": "trousers-devel-0.3.14-lp151.4.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18898",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18898"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.i586",
          "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.x86_64",
          "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
          "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.i586",
          "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.x86_64",
          "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.i586",
          "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18898",
          "url": "https://www.suse.com/security/cve/CVE-2019-18898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154062 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1154062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157651 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1157651"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.3.1.x86_64",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.i586",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-01-13T15:17:08Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18898"
    }
  ]
}

opensuse-su-2024:11476-1

Vulnerability from csaf_opensuse

Published

2024-06-15 00:00

Modified

2024-06-15 00:00

Summary

libtspi1-0.3.15-1.7 on GA media

Notes

Title of the patch

libtspi1-0.3.15-1.7 on GA media

Description of the patch

These are all security issues fixed in the libtspi1-0.3.15-1.7 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-11476

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libtspi1-0.3.15-1.7 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libtspi1-0.3.15-1.7 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11476",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11476-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18898 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18898/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-24332 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-24332/"
      }
    ],
    "title": "libtspi1-0.3.15-1.7 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11476-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.15-1.7.aarch64",
                "product": {
                  "name": "libtspi1-0.3.15-1.7.aarch64",
                  "product_id": "libtspi1-0.3.15-1.7.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.15-1.7.aarch64",
                "product": {
                  "name": "libtspi1-32bit-0.3.15-1.7.aarch64",
                  "product_id": "libtspi1-32bit-0.3.15-1.7.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.15-1.7.aarch64",
                "product": {
                  "name": "trousers-0.3.15-1.7.aarch64",
                  "product_id": "trousers-0.3.15-1.7.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.15-1.7.aarch64",
                "product": {
                  "name": "trousers-devel-0.3.15-1.7.aarch64",
                  "product_id": "trousers-devel-0.3.15-1.7.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.15-1.7.ppc64le",
                "product": {
                  "name": "libtspi1-0.3.15-1.7.ppc64le",
                  "product_id": "libtspi1-0.3.15-1.7.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.15-1.7.ppc64le",
                "product": {
                  "name": "libtspi1-32bit-0.3.15-1.7.ppc64le",
                  "product_id": "libtspi1-32bit-0.3.15-1.7.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.15-1.7.ppc64le",
                "product": {
                  "name": "trousers-0.3.15-1.7.ppc64le",
                  "product_id": "trousers-0.3.15-1.7.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.15-1.7.ppc64le",
                "product": {
                  "name": "trousers-devel-0.3.15-1.7.ppc64le",
                  "product_id": "trousers-devel-0.3.15-1.7.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.15-1.7.s390x",
                "product": {
                  "name": "libtspi1-0.3.15-1.7.s390x",
                  "product_id": "libtspi1-0.3.15-1.7.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.15-1.7.s390x",
                "product": {
                  "name": "libtspi1-32bit-0.3.15-1.7.s390x",
                  "product_id": "libtspi1-32bit-0.3.15-1.7.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.15-1.7.s390x",
                "product": {
                  "name": "trousers-0.3.15-1.7.s390x",
                  "product_id": "trousers-0.3.15-1.7.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.15-1.7.s390x",
                "product": {
                  "name": "trousers-devel-0.3.15-1.7.s390x",
                  "product_id": "trousers-devel-0.3.15-1.7.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.15-1.7.x86_64",
                "product": {
                  "name": "libtspi1-0.3.15-1.7.x86_64",
                  "product_id": "libtspi1-0.3.15-1.7.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.15-1.7.x86_64",
                "product": {
                  "name": "libtspi1-32bit-0.3.15-1.7.x86_64",
                  "product_id": "libtspi1-32bit-0.3.15-1.7.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.15-1.7.x86_64",
                "product": {
                  "name": "trousers-0.3.15-1.7.x86_64",
                  "product_id": "trousers-0.3.15-1.7.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.15-1.7.x86_64",
                "product": {
                  "name": "trousers-devel-0.3.15-1.7.x86_64",
                  "product_id": "trousers-devel-0.3.15-1.7.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.15-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64"
        },
        "product_reference": "libtspi1-0.3.15-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.15-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le"
        },
        "product_reference": "libtspi1-0.3.15-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.15-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x"
        },
        "product_reference": "libtspi1-0.3.15-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.15-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64"
        },
        "product_reference": "libtspi1-0.3.15-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.15-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64"
        },
        "product_reference": "libtspi1-32bit-0.3.15-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.15-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le"
        },
        "product_reference": "libtspi1-32bit-0.3.15-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.15-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x"
        },
        "product_reference": "libtspi1-32bit-0.3.15-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.15-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64"
        },
        "product_reference": "libtspi1-32bit-0.3.15-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.15-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64"
        },
        "product_reference": "trousers-0.3.15-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.15-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le"
        },
        "product_reference": "trousers-0.3.15-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.15-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x"
        },
        "product_reference": "trousers-0.3.15-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.15-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64"
        },
        "product_reference": "trousers-0.3.15-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.15-1.7.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64"
        },
        "product_reference": "trousers-devel-0.3.15-1.7.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.15-1.7.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le"
        },
        "product_reference": "trousers-devel-0.3.15-1.7.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.15-1.7.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x"
        },
        "product_reference": "trousers-devel-0.3.15-1.7.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.15-1.7.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
        },
        "product_reference": "trousers-devel-0.3.15-1.7.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18898",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18898"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18898",
          "url": "https://www.suse.com/security/cve/CVE-2019-18898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154062 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1154062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157651 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1157651"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18898"
    },
    {
      "cve": "CVE-2020-24332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-24332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
          "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-24332",
          "url": "https://www.suse.com/security/cve/CVE-2020-24332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1164472 for CVE-2020-24332",
          "url": "https://bugzilla.suse.com/1164472"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-0.3.15-1.7.x86_64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.aarch64",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.ppc64le",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.s390x",
            "openSUSE Tumbleweed:trousers-devel-0.3.15-1.7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-24332"
    }
  ]
}

opensuse-su-2020:0744-1

Vulnerability from csaf_opensuse

Published

2020-05-29 18:16

Modified

2020-05-29 18:16

Summary

Security update for trousers

Notes

Title of the patch

Security update for trousers

Description of the patch

Patchnames

openSUSE-2020-744

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for trousers",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for trousers fixes the following issues:\n\n- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user\n  could have gain ownership of arbitrary files in the system during\n  installation/update of the trousers package (bsc#1157651).\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-744",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0744-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0744-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IPMUZXQ2EEXKKUWFYJCRFUYXSXOEJHC6/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0744-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/IPMUZXQ2EEXKKUWFYJCRFUYXSXOEJHC6/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157651",
        "url": "https://bugzilla.suse.com/1157651"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18898 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18898/"
      }
    ],
    "title": "Security update for trousers",
    "tracking": {
      "current_release_date": "2020-05-29T18:16:41Z",
      "generator": {
        "date": "2020-05-29T18:16:41Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0744-1",
      "initial_release_date": "2020-05-29T18:16:41Z",
      "revision_history": [
        {
          "date": "2020-05-29T18:16:41Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-lp151.4.6.1.i586",
                "product": {
                  "name": "libtspi1-0.3.14-lp151.4.6.1.i586",
                  "product_id": "libtspi1-0.3.14-lp151.4.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-lp151.4.6.1.i586",
                "product": {
                  "name": "trousers-0.3.14-lp151.4.6.1.i586",
                  "product_id": "trousers-0.3.14-lp151.4.6.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-lp151.4.6.1.i586",
                "product": {
                  "name": "trousers-devel-0.3.14-lp151.4.6.1.i586",
                  "product_id": "trousers-devel-0.3.14-lp151.4.6.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-lp151.4.6.1.x86_64",
                "product": {
                  "name": "libtspi1-0.3.14-lp151.4.6.1.x86_64",
                  "product_id": "libtspi1-0.3.14-lp151.4.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
                "product": {
                  "name": "libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
                  "product_id": "libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-lp151.4.6.1.x86_64",
                "product": {
                  "name": "trousers-0.3.14-lp151.4.6.1.x86_64",
                  "product_id": "trousers-0.3.14-lp151.4.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-lp151.4.6.1.x86_64",
                "product": {
                  "name": "trousers-devel-0.3.14-lp151.4.6.1.x86_64",
                  "product_id": "trousers-devel-0.3.14-lp151.4.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-lp151.4.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.i586"
        },
        "product_reference": "libtspi1-0.3.14-lp151.4.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.x86_64"
        },
        "product_reference": "libtspi1-0.3.14-lp151.4.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64"
        },
        "product_reference": "libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-lp151.4.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.i586"
        },
        "product_reference": "trousers-0.3.14-lp151.4.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.x86_64"
        },
        "product_reference": "trousers-0.3.14-lp151.4.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-lp151.4.6.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.i586"
        },
        "product_reference": "trousers-devel-0.3.14-lp151.4.6.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-lp151.4.6.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.x86_64"
        },
        "product_reference": "trousers-devel-0.3.14-lp151.4.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18898",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18898"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.i586",
          "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.x86_64",
          "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
          "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.i586",
          "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.x86_64",
          "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.i586",
          "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18898",
          "url": "https://www.suse.com/security/cve/CVE-2019-18898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154062 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1154062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157651 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1157651"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:libtspi1-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:libtspi1-32bit-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:trousers-0.3.14-lp151.4.6.1.x86_64",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.i586",
            "openSUSE Leap 15.1:trousers-devel-0.3.14-lp151.4.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-29T18:16:41Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18898"
    }
  ]
}

gsd-2019-18898

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2019-18898

Aliases

CVE-2019-18898

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2019-18898",
    "description": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
    "id": "GSD-2019-18898",
    "references": [
      "https://www.suse.com/security/cve/CVE-2019-18898.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2019-18898"
      ],
      "details": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
      "id": "GSD-2019-18898",
      "modified": "2023-12-13T01:23:50.119321Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@suse.com",
        "DATE_PUBLIC": "2019-11-26T00:00:00.000Z",
        "ID": "CVE-2019-18898",
        "STATE": "PUBLIC",
        "TITLE": "trousers: Local privilege escalation from tss to root"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "SUSE Linux Enterprise Server 15 SP1",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "trousers",
                          "version_value": "0.3.14-6.3.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "SUSE"
            },
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Factory",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_name": "trousers",
                          "version_value": "0.3.14-7.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "openSUSE"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Johannes Segitz from SUSE"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-59: Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "openSUSE-SU-2020:0744",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html"
          },
          {
            "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157651",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
          }
        ]
      },
      "source": {
        "advisory": "https://bugzilla.suse.com/show_bug.cgi?id=1157651",
        "defect": [
          "1157651"
        ],
        "discovery": "INTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.3.14-6.3.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp1:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "versionEndExcluding": "0.3.14-7.1",
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:suse:opensuse_factory:-:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security@suse.com",
          "ID": "CVE-2019-18898"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-59"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.suse.com/show_bug.cgi?id=1157651",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
            },
            {
              "name": "openSUSE-SU-2020:0744",
              "refsource": "SUSE",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-10T04:43Z",
      "publishedDate": "2020-01-23T14:15Z"
    }
  }
}

ghsa-w5w4-523j-qm3v

Vulnerability from github

Published

2022-05-24 17:07

Modified

2022-11-10 12:01

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2019-18898"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-59"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-01-23T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
  "id": "GHSA-w5w4-523j-qm3v",
  "modified": "2022-11-10T12:01:04Z",
  "published": "2022-05-24T17:07:12Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-18898"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

fkie_cve-2019-18898

Vulnerability from fkie_nvd

Published

2020-01-23 14:15

Modified

2024-11-21 04:33

Severity ?

7.7 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
meissner@suse.de	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html	Mailing List, Third Party Advisory
meissner@suse.de	https://bugzilla.suse.com/show_bug.cgi?id=1157651	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.suse.com/show_bug.cgi?id=1157651	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
suse	trousers	*
suse	suse_linux_enterprise_server	15
suse	trousers	*
suse	opensuse_factory	-
opensuse	leap	15.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F83609-2CE3-4073-819D-8D5F548C0324",
              "versionEndExcluding": "0.3.14-6.3.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:suse_linux_enterprise_server:15:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "7642C831-6063-4405-A352-431CE374458A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:suse:trousers:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A115FCF0-E6FF-4B0C-BA91-1798C335ED0D",
              "versionEndExcluding": "0.3.14-7.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:suse:opensuse_factory:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D9A5D6-4B12-4B25-ACD2-560C864B6FE1",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1."
    },
    {
      "lang": "es",
      "value": "Enlace simb\u00f3lico de UNIX (Symlink) Siguiendo la vulnerabilidad en el paquete trousers de SUSE Linux Enterprise Server 15 SP1; Los atacantes locales permitidos por openSUSE Factory escalan los privilegios del usuario tss al root. Este problema afecta a: SUSE Linux Enterprise Server 15 SP1 versiones de trousers anteriores a la versi\u00f3n 0.3.14-6.3.1. Versiones de trousers openSUSE Factory anteriores a  la versi\u00f3n 0.3.14-7.1."
    }
  ],
  "id": "CVE-2019-18898",
  "lastModified": "2024-11-21T04:33:48.173",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 7.7,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.5,
        "impactScore": 5.2,
        "source": "meissner@suse.de",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-23T14:15:12.327",
  "references": [
    {
      "source": "meissner@suse.de",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html"
    },
    {
      "source": "meissner@suse.de",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00066.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.suse.com/show_bug.cgi?id=1157651"
    }
  ],
  "sourceIdentifier": "meissner@suse.de",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "meissner@suse.de",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-59"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

suse-su-2019:3349-1

Vulnerability from csaf_suse

Published

2019-12-19 15:13

Modified

2019-12-19 15:13

Summary

Security update for trousers

Notes

Title of the patch

Security update for trousers

Description of the patch

Patchnames

SUSE-2019-3349,SUSE-SLE-Module-Basesystem-15-SP1-2019-3349,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3349

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for trousers",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for trousers fixes the following issues:\n\n- CVE-2019-18898: Fixed a local symlink attack where a rogue tss user\n  could have gain ownership of arbitrary files in the system during\n  installation/update of the trousers package (bsc#1157651).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2019-3349,SUSE-SLE-Module-Basesystem-15-SP1-2019-3349,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-3349",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_3349-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2019:3349-1",
        "url": "https://www.suse.com/support/update/announcement/2019/suse-su-20193349-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2019:3349-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2019-December/006277.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157651",
        "url": "https://bugzilla.suse.com/1157651"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-18898 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-18898/"
      }
    ],
    "title": "Security update for trousers",
    "tracking": {
      "current_release_date": "2019-12-19T15:13:16Z",
      "generator": {
        "date": "2019-12-19T15:13:16Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2019:3349-1",
      "initial_release_date": "2019-12-19T15:13:16Z",
      "revision_history": [
        {
          "date": "2019-12-19T15:13:16Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-6.3.1.aarch64",
                "product": {
                  "name": "libtspi1-0.3.14-6.3.1.aarch64",
                  "product_id": "libtspi1-0.3.14-6.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-6.3.1.aarch64",
                "product": {
                  "name": "trousers-0.3.14-6.3.1.aarch64",
                  "product_id": "trousers-0.3.14-6.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-6.3.1.aarch64",
                "product": {
                  "name": "trousers-devel-0.3.14-6.3.1.aarch64",
                  "product_id": "trousers-devel-0.3.14-6.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-64bit-0.3.14-6.3.1.aarch64_ilp32",
                "product": {
                  "name": "libtspi1-64bit-0.3.14-6.3.1.aarch64_ilp32",
                  "product_id": "libtspi1-64bit-0.3.14-6.3.1.aarch64_ilp32"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64_ilp32"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-6.3.1.i586",
                "product": {
                  "name": "libtspi1-0.3.14-6.3.1.i586",
                  "product_id": "libtspi1-0.3.14-6.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-6.3.1.i586",
                "product": {
                  "name": "trousers-0.3.14-6.3.1.i586",
                  "product_id": "trousers-0.3.14-6.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-6.3.1.i586",
                "product": {
                  "name": "trousers-devel-0.3.14-6.3.1.i586",
                  "product_id": "trousers-devel-0.3.14-6.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-6.3.1.ppc64le",
                "product": {
                  "name": "libtspi1-0.3.14-6.3.1.ppc64le",
                  "product_id": "libtspi1-0.3.14-6.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-6.3.1.ppc64le",
                "product": {
                  "name": "trousers-0.3.14-6.3.1.ppc64le",
                  "product_id": "trousers-0.3.14-6.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-6.3.1.ppc64le",
                "product": {
                  "name": "trousers-devel-0.3.14-6.3.1.ppc64le",
                  "product_id": "trousers-devel-0.3.14-6.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-6.3.1.s390x",
                "product": {
                  "name": "libtspi1-0.3.14-6.3.1.s390x",
                  "product_id": "libtspi1-0.3.14-6.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-6.3.1.s390x",
                "product": {
                  "name": "trousers-0.3.14-6.3.1.s390x",
                  "product_id": "trousers-0.3.14-6.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-6.3.1.s390x",
                "product": {
                  "name": "trousers-devel-0.3.14-6.3.1.s390x",
                  "product_id": "trousers-devel-0.3.14-6.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libtspi1-0.3.14-6.3.1.x86_64",
                "product": {
                  "name": "libtspi1-0.3.14-6.3.1.x86_64",
                  "product_id": "libtspi1-0.3.14-6.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libtspi1-32bit-0.3.14-6.3.1.x86_64",
                "product": {
                  "name": "libtspi1-32bit-0.3.14-6.3.1.x86_64",
                  "product_id": "libtspi1-32bit-0.3.14-6.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-0.3.14-6.3.1.x86_64",
                "product": {
                  "name": "trousers-0.3.14-6.3.1.x86_64",
                  "product_id": "trousers-0.3.14-6.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "trousers-devel-0.3.14-6.3.1.x86_64",
                "product": {
                  "name": "trousers-devel-0.3.14-6.3.1.x86_64",
                  "product_id": "trousers-devel-0.3.14-6.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-6.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.aarch64"
        },
        "product_reference": "libtspi1-0.3.14-6.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-6.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.ppc64le"
        },
        "product_reference": "libtspi1-0.3.14-6.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-6.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.s390x"
        },
        "product_reference": "libtspi1-0.3.14-6.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libtspi1-0.3.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.x86_64"
        },
        "product_reference": "libtspi1-0.3.14-6.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-6.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.aarch64"
        },
        "product_reference": "trousers-0.3.14-6.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-6.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.ppc64le"
        },
        "product_reference": "trousers-0.3.14-6.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-6.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.s390x"
        },
        "product_reference": "trousers-0.3.14-6.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-0.3.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.x86_64"
        },
        "product_reference": "trousers-0.3.14-6.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-6.3.1.aarch64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.aarch64"
        },
        "product_reference": "trousers-devel-0.3.14-6.3.1.aarch64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-6.3.1.ppc64le as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.ppc64le"
        },
        "product_reference": "trousers-devel-0.3.14-6.3.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-6.3.1.s390x as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.s390x"
        },
        "product_reference": "trousers-devel-0.3.14-6.3.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "trousers-devel-0.3.14-6.3.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
          "product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.x86_64"
        },
        "product_reference": "trousers-devel-0.3.14-6.3.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2019-18898",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-18898"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.x86_64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.aarch64",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.ppc64le",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.s390x",
          "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-18898",
          "url": "https://www.suse.com/security/cve/CVE-2019-18898"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1154062 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1154062"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1157651 for CVE-2019-18898",
          "url": "https://bugzilla.suse.com/1157651"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:libtspi1-0.3.14-6.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-0.3.14-6.3.1.x86_64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.aarch64",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.ppc64le",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.s390x",
            "SUSE Linux Enterprise Module for Basesystem 15 SP1:trousers-devel-0.3.14-6.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2019-12-19T15:13:16Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-18898"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2019-18898 (GCVE-0-2019-18898)

Vulnerability from cvelistv5

opensuse-su-2020:0015-1

Vulnerability from csaf_opensuse

opensuse-su-2024:11476-1

Vulnerability from csaf_opensuse

opensuse-su-2020:0744-1

Vulnerability from csaf_opensuse

gsd-2019-18898

Vulnerability from gsd

ghsa-w5w4-523j-qm3v

Vulnerability from github

fkie_cve-2019-18898

Vulnerability from fkie_nvd

suse-su-2019:3349-1

Vulnerability from csaf_suse

Tags

Sightings

Nomenclature