URL:
<https://savannah.gnu.org/bugs/?58584>
Summary: Various security issues for gnuhealth-control
Project: GNU Health
Submitted by: coogor
Submitted on: Tue 16 Jun 2020 05:42:54 PM UTC
Category: Security
Severity: 4 - Important
Item Group: None
Status: None
Privacy: Private
Assigned to: None
Open/Closed: Open
Release: None
Discussion Lock: Any
Module: gnuhealth-control
_______________________________________________________
Details:
The SUSE security team has conducted an audit on gnuhealth-control and found
issues related to:
https://bugzilla.opensuse.org/show_bug.cgi?id=1167126
(Local privilege escalation in gnuhealth-control, use of static tmp file/http
transport )
https://bugzilla.opensuse.org/show_bug.cgi?id=1167128
(Local DoS of backup functionality in gnuhealth-control due to use of static
tmp files)
These issues are fixed in gnuhaelth-control shipped with openSUSE, but not yet
in gnuhealth-vanilla
The attached gnuhealth-control should fix the issues mentioned above
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 16 Jun 2020 05:42:54 PM UTC Name: gnuhealth-control_364 Size:
19KiB By: coogor
gnuhealth-control with fixes applied
<http://savannah.gnu.org/bugs/download.php?file_id=49279>
_______________________________________________________
Reply to this item at:
<https://savannah.gnu.org/bugs/?58584>
_______________________________________________
Message sent via Savannah
https://savannah.gnu.org/
