{"affected":[],"aliases":[],"details":"This update for supportutils fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2018-19640: Fixed an issue where  users could kill arbitrary processes (bsc#1118463).\n- CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460).\n- CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462).\n- CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776).\n\nOther issues fixed:\n\n- Fixed invalid exit code commands (bsc#1125666).\n- Included additional SUSE separation (bsc#1125609).\n- Merged added listing of locked packes by zypper.\n- Exclude pam.txt per GDPR by default (bsc#1112461).\t  \n- Clarified -x functionality in supportconfig(8) (bsc#1115245).\t  \n- udev service and provide the whole journal content in supportconfig (bsc#1051797).\n- supportconfig collects tuned profile settings (bsc#1071545).\n- sfdisk -d no disk device specified (bsc#1043311).\n- Added vulnerabilites status check in basic-health.txt (bsc#1105849).\n- Added only sched_domain from cpu0.\n- Blacklist sched_domain from proc.txt (bsc#1046681).\n- Added firewall-cmd info.\n- Add ls -lA --time-style=long-iso /etc/products.d/\n- Dump lsof errors.\n- Added corosync status to ha_info.\n- Dump find errors in ib_info.\n\nThis update was imported from the SUSE:SLE-15:Update update project.","id":"openSUSE-SU-2019:0293-1","modified":"2019-03-23T11:09:34Z","published":"2019-03-23T11:09:34Z","references":[{"type":"ADVISORY","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Z5E2WUVXXXU3W3CLLARFPLLJ3RLQTXDJ/#Z5E2WUVXXXU3W3CLLARFPLLJ3RLQTXDJ"},{"type":"REPORT","url":"https://bugzilla.suse.com/1043311"},{"type":"REPORT","url":"https://bugzilla.suse.com/1046681"},{"type":"REPORT","url":"https://bugzilla.suse.com/1051797"},{"type":"REPORT","url":"https://bugzilla.suse.com/1071545"},{"type":"REPORT","url":"https://bugzilla.suse.com/1105849"},{"type":"REPORT","url":"https://bugzilla.suse.com/1112461"},{"type":"REPORT","url":"https://bugzilla.suse.com/1115245"},{"type":"REPORT","url":"https://bugzilla.suse.com/1117776"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118460"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118462"},{"type":"REPORT","url":"https://bugzilla.suse.com/1118463"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125609"},{"type":"REPORT","url":"https://bugzilla.suse.com/1125666"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19637"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19638"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19639"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2018-19640"}],"related":["CVE-2018-19637","CVE-2018-19638","CVE-2018-19639","CVE-2018-19640"],"summary":"Security update for supportutils","upstream":["CVE-2018-19637","CVE-2018-19638","CVE-2018-19639","CVE-2018-19640"]}