First published: Tue Jun 09 2020(Updated: )
A symbolic link vulnerability in some Lenovo installation packages, prior to version 1.2.9.3, could allow privileged file operations during file extraction and installation.
Credit: psirt@lenovo.com
Affected Software | Affected Version | How to fix |
---|---|---|
Lenovo installation package | <1.2.9.3 |
To mitigate these vulnerabilities, Lenovo recommends installing Lenovo software updates through Lenovo Vantage, Lenovo System Update, or Windows Update. Updates delivered through Update Retriever, Thin Installer, and System Update are also not affected. Lenovo installation packages version 1.2.9.3 or later are not affected.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.