libtspi1-0.3.15-1.7 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11476-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libtspi1-0.3.15-1.7 on GA media These are all security issues fixed in the libtspi1-0.3.15-1.7 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11476 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-18898/ SUSE CVE CVE-2019-18898 page https://www.suse.com/security/cve/CVE-2020-24332/ SUSE CVE CVE-2020-24332 page openSUSE Tumbleweed libtspi1-0.3.15-1.7 libtspi1-32bit-0.3.15-1.7 trousers-0.3.15-1.7 trousers-devel-0.3.15-1.7 libtspi1-0.3.15-1.7 as a component of openSUSE Tumbleweed libtspi1-32bit-0.3.15-1.7 as a component of openSUSE Tumbleweed trousers-0.3.15-1.7 as a component of openSUSE Tumbleweed trousers-devel-0.3.15-1.7 as a component of openSUSE Tumbleweed UNIX Symbolic Link (Symlink) Following vulnerability in the trousers package of SUSE Linux Enterprise Server 15 SP1; openSUSE Factory allowed local attackers escalate privileges from user tss to root. This issue affects: SUSE Linux Enterprise Server 15 SP1 trousers versions prior to 0.3.14-6.3.1. openSUSE Factory trousers versions prior to 0.3.14-7.1. CVE-2019-18898 openSUSE Tumbleweed:libtspi1-0.3.15-1.7 openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7 openSUSE Tumbleweed:trousers-0.3.15-1.7 openSUSE Tumbleweed:trousers-devel-0.3.15-1.7 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18898.html CVE-2019-18898 https://bugzilla.suse.com/1154062 SUSE Bug 1154062 https://bugzilla.suse.com/1157651 SUSE Bug 1157651 An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges, the creation of the system.data file is prone to symlink attacks. The tss user can be used to create or corrupt existing files, which could possibly lead to a DoS attack. CVE-2020-24332 openSUSE Tumbleweed:libtspi1-0.3.15-1.7 openSUSE Tumbleweed:libtspi1-32bit-0.3.15-1.7 openSUSE Tumbleweed:trousers-0.3.15-1.7 openSUSE Tumbleweed:trousers-devel-0.3.15-1.7 moderate 4.9 AV:L/AC:L/Au:N/C:N/I:N/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-24332.html CVE-2020-24332 https://bugzilla.suse.com/1164472 SUSE Bug 1164472