opensuse-su-2020:0958-1
Vulnerability from csaf_opensuse
Published
2020-07-14 04:27
Modified
2020-07-14 04:27
Summary
Security update for hylafax+
Notes
Title of the patch
Security update for hylafax+
Description of the patch
This update for hylafax+ fixes the following issues:
Security issue fixed:
- CVE-2020-8024 boo#1172731
hylafax+ was updated to version 7.0.2:
* change FIXEDWIDTH default to better accommodate auto-rotation (13 Dec 2019)
* prevent SSL_accept() from blocking (5 Dec 2019)
* support libtiff v4.1 (5 Dec 2019)
* fix ignoremodembusy feature broken by ModemGroup limits feature (16 Nov 2019)
Version 7.0.1:
* create a client timeout setting and change the default from 60 to
3600 seconds (26 Sep 2019)
* extend timeout for receiving ECM frames (21 Aug 2019)
* fix timeout in Class 1 frame reception (5 Aug 2019)
* improve Class 1 protocol handling when MaxRecvPages exceeded (31 Jul 2019)
* fix ModemGroup limit default (11 Jul 2019)
* fix recovery for SSL Fax write failures (6 Jun 2019)
Version 7.0.0:
* add LDAP features for compatibility with ActiveDirectory (25 Mar-1 Apr 2019)
* fix recovery after SSL Fax 'accept failure' (18 Mar 2019)
* add TextFormat overstrike option and disable by default (6 Feb 2019)
* fix the page size of cover sheets returned via notify (8 Jan 2019)
* fix or silence numerous compiler warnings (19, 22, 28 Dec 2018)
* fix pagehandling updating after a proxy has been used (7-8 Dec 2018)
* add faxmail stderr output of RFC2047 decoding results (5 Dec 2018)
* fix faxmail handling of headers encoded with UTF-8 (4 Dec 2018)
* fix faxmail handling of base64-encoded text parts (4 Dec 2018)
* add SSL Fax support (9-26, 29 Nov; 11, 18, 25 Dec 2018; 2, 7, 23 Jan 2019)
Patchnames
openSUSE-2020-958
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hylafax+",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hylafax+ fixes the following issues:\n\nSecurity issue fixed:\n\n- CVE-2020-8024 boo#1172731 \n\nhylafax+ was updated to version 7.0.2:\n\n* change FIXEDWIDTH default to better accommodate auto-rotation (13 Dec 2019)\n* prevent SSL_accept() from blocking (5 Dec 2019)\n* support libtiff v4.1 (5 Dec 2019)\n* fix ignoremodembusy feature broken by ModemGroup limits feature (16 Nov 2019)\n\nVersion 7.0.1:\n\n* create a client timeout setting and change the default from 60 to\n 3600 seconds (26 Sep 2019)\n* extend timeout for receiving ECM frames (21 Aug 2019)\n* fix timeout in Class 1 frame reception (5 Aug 2019)\n* improve Class 1 protocol handling when MaxRecvPages exceeded (31 Jul 2019)\n* fix ModemGroup limit default (11 Jul 2019)\n* fix recovery for SSL Fax write failures (6 Jun 2019)\n\nVersion 7.0.0:\n\n* add LDAP features for compatibility with ActiveDirectory (25 Mar-1 Apr 2019)\n* fix recovery after SSL Fax \u0027accept failure\u0027 (18 Mar 2019)\n* add TextFormat overstrike option and disable by default (6 Feb 2019)\n* fix the page size of cover sheets returned via notify (8 Jan 2019)\n* fix or silence numerous compiler warnings (19, 22, 28 Dec 2018)\n* fix pagehandling updating after a proxy has been used (7-8 Dec 2018)\n* add faxmail stderr output of RFC2047 decoding results (5 Dec 2018)\n* fix faxmail handling of headers encoded with UTF-8 (4 Dec 2018)\n* fix faxmail handling of base64-encoded text parts (4 Dec 2018)\n* add SSL Fax support (9-26, 29 Nov; 11, 18, 25 Dec 2018; 2, 7, 23 Jan 2019)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-958",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0958-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0958-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XHWPHMKS35ISNF5JZ56E5H5RJWYOEWF5/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0958-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XHWPHMKS35ISNF5JZ56E5H5RJWYOEWF5/"
},
{
"category": "self",
"summary": "SUSE Bug 1172731",
"url": "https://bugzilla.suse.com/1172731"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8024 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8024/"
}
],
"title": "Security update for hylafax+",
"tracking": {
"current_release_date": "2020-07-14T04:27:24Z",
"generator": {
"date": "2020-07-14T04:27:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0958-1",
"initial_release_date": "2020-07-14T04:27:24Z",
"revision_history": [
{
"date": "2020-07-14T04:27:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hylafax+-7.0.2-lp151.4.3.1.x86_64",
"product": {
"name": "hylafax+-7.0.2-lp151.4.3.1.x86_64",
"product_id": "hylafax+-7.0.2-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"product": {
"name": "hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"product_id": "hylafax+-client-7.0.2-lp151.4.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64",
"product": {
"name": "libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64",
"product_id": "libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hylafax+-7.0.2-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:hylafax+-7.0.2-lp151.4.3.1.x86_64"
},
"product_reference": "hylafax+-7.0.2-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hylafax+-client-7.0.2-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:hylafax+-client-7.0.2-lp151.4.3.1.x86_64"
},
"product_reference": "hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64"
},
"product_reference": "libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-8024",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8024"
}
],
"notes": [
{
"category": "general",
"text": "A Incorrect Default Permissions vulnerability in the packaging of hylafax+ of openSUSE Leap 15.2, openSUSE Leap 15.1, openSUSE Factory allows local attackers to escalate from user uucp to users calling hylafax binaries. This issue affects: openSUSE Leap 15.2 hylafax+ versions prior to 7.0.2-lp152.2.1. openSUSE Leap 15.1 hylafax+ version 5.6.1-lp151.3.7 and prior versions. openSUSE Factory hylafax+ versions prior to 7.0.2-2.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:hylafax+-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8024",
"url": "https://www.suse.com/security/cve/CVE-2020-8024"
},
{
"category": "external",
"summary": "SUSE Bug 1172731 for CVE-2020-8024",
"url": "https://bugzilla.suse.com/1172731"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:hylafax+-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:hylafax+-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:hylafax+-client-7.0.2-lp151.4.3.1.x86_64",
"openSUSE Leap 15.1:libfaxutil7_0_2-7.0.2-lp151.4.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-07-14T04:27:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-8024"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…