PT-2020-19920 · Suse · Texlive-Filesystem+1

Matthias Gerstner

Published

2020-04-02

Updated

2024-06-15

CVE-2020-8016

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions texlive-filesystem versions prior to 2017.135-9.5.1 texlive-filesystem versions prior to 2013.74-16.5.1 openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1

Description A Race Condition Enabling Link Following issue in the packaging of texlive-filesystem allows local users to corrupt files or potentially escalate privileges.

Recommendations For SUSE Linux Enterprise Module for Desktop Applications 15-SP1, update texlive-filesystem to version 2017.135-9.5.1 or later. For SUSE Linux Enterprise Software Development Kit 12-SP4 and 12-SP5, update texlive-filesystem to version 2013.74-16.5.1 or later. For openSUSE Leap 15.1, update texlive-filesystem to version 2017.135-lp151.8.3.1 or later.

Exploit

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2020-8016

OPENSUSE-SU-2020:0804-1

OPENSUSE-SU-2020_0804-1

OPENSUSE-SU-2024:11431-1

OPENSUSE-SU-2024:11432-1

SUSE-SU-2020:1580-1

SUSE-SU-2020:1580-2

SUSE-SU-2020:1581-1

SUSE-SU-2020_1580-1

SUSE-SU-2020_1580-2

SUSE-SU-2020_1581-1

Affected Products

Suse

Texlive-Filesystem

PT-2020-19920 · Suse · Texlive-Filesystem+1

CVE-2020-8016

Weakness Enumeration

Related Identifiers

Affected Products

References · 22