cscreen-1.4-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11924-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cscreen-1.4-1.1 on GA media These are all security issues fixed in the cscreen-1.4-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11924 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2022-21945/ SUSE CVE CVE-2022-21945 page https://www.suse.com/security/cve/CVE-2022-21946/ SUSE CVE CVE-2022-21946 page openSUSE Tumbleweed cscreen-1.4-1.1 cscreen-1.4-1.1 as a component of openSUSE Tumbleweed A Insecure Temporary File vulnerability in cscreen of openSUSE Factory allows local attackers to cause DoS for cscreen and a system DoS for non-default systems. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. CVE-2022-21945 openSUSE Tumbleweed:cscreen-1.4-1.1 moderate 3.6 AV:L/AC:L/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-21945.html CVE-2022-21945 https://bugzilla.suse.com/1196446 SUSE Bug 1196446 A Incorrect Permission Assignment for Critical Resource vulnerability in the sudoers configuration in cscreen of openSUSE Factory allows any local users to gain the privileges of the tty and dialout groups and access and manipulate any running cscreen seesion. This issue affects: openSUSE Factory cscreen version 1.2-1.3 and prior versions. CVE-2022-21946 openSUSE Tumbleweed:cscreen-1.4-1.1 moderate 4.6 AV:L/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2022-21946.html CVE-2022-21946 https://bugzilla.suse.com/1196451 SUSE Bug 1196451