CVE-2019-3684: susemanager installer creates world-readable swap files
First published: Mon May 13 2019(Updated: )
SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade created world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SUSE Manager | <=4.0.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SUSE Manager and Uyuni vulnerability?
The vulnerability ID for this SUSE Manager and Uyuni vulnerability is CVE-2019-3684.
What is the severity level of CVE-2019-3684?
The severity level of CVE-2019-3684 is medium.
How does CVE-2019-3684 affect SUSE Manager and Uyuni?
CVE-2019-3684 creates world-readable swap files on systems that don't have a swap already configured and don't have btrfs as filesystem in SUSE Manager until version 4.0.7 and Uyuni until commit 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade.
How can I fix CVE-2019-3684?
To fix CVE-2019-3684, update SUSE Manager to version 4.0.7 or later and Uyuni to a commit after 1b426ad5ed0a7191a6fb46bb83e98ae4b99a5ade.
Where can I find more information about CVE-2019-3684?
You can find more information about CVE-2019-3684 at the following link: https://bugzilla.suse.com/show_bug.cgi?id=1131954.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/references
- agent/author
- agent/tags
- agent/description
- agent/first-publish-date
- agent/title
- agent/event
- vendor/suse
- canonical/suse manager
- version/suse manager/4.0.7