Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
race condition on texlive-filesystem cron job allows for the deletion of unintended files
Vulnerability Description
A Race Condition Enabling Link Following vulnerability in the cron job shipped with texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users in group mktex to delete arbitrary files on the system This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
检查时间与使用时间(TOCTOU)的竞争条件
Vulnerability Title
多款SUSE产品texlive-filesystem 竞争条件问题漏洞
Vulnerability Description
openSUSE是德国SUSE公司的一套基于Linux的自由操作系统与开源社区项目。 多款SUSE产品中的texlive-filesystem存在安全漏洞。攻击者可利用该漏洞删除系统上的任意文件。以下产品及版本受到影响:SUSE Linux Enterprise Module for Desktop Applications 15-SP1版本( texlive-filesystem 2017.135-9.5.1之前版本);SUSE Linux Enterprise Software Development
CVSS Information
N/A
Vulnerability Type
N/A