PT-2020-19921 · Opensuse+1 · Texlive-Filesystem+1

Matthias Gerstner

Published

2020-04-02

Updated

2024-06-15

CVE-2020-8017

CVSS v3.1

6.3

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions texlive-filesystem versions prior to 2017.135-9.5.1 texlive-filesystem versions prior to 2013.74-16.5.1 openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1

Description A race condition enabling link following issue in the cron job shipped with texlive-filesystem allows local users in group mktex to delete arbitrary files on the system.

Recommendations For texlive-filesystem versions prior to 2017.135-9.5.1, update to version 2017.135-9.5.1 or later. For texlive-filesystem versions prior to 2013.74-16.5.1, update to version 2013.74-16.5.1 or later. For openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1, update to version 2017.135-lp151.8.3.1 or later.

Fix

Time Of Check To Time Of Use

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-367

Related Identifiers

CVE-2020-8017

OPENSUSE-SU-2020:0804-1

OPENSUSE-SU-2020_0804-1

OPENSUSE-SU-2024:11432-1

SUSE-SU-2020:1580-1

SUSE-SU-2020:1580-2

SUSE-SU-2020:1581-1

SUSE-SU-2020_1580-1

SUSE-SU-2020_1580-2

SUSE-SU-2020_1581-1

Affected Products

Suse

Texlive-Filesystem

PT-2020-19921 · Opensuse+1 · Texlive-Filesystem+1

CVE-2020-8017

Weakness Enumeration

Related Identifiers

Affected Products

References · 18