CVE-2020-8016: race condition in the packaging of texlive-filesysten
First published: Wed Apr 01 2020(Updated: )
A Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local users to corrupt files or potentially escalate privileges. This issue affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise Software Development Kit 12-SP4 texlive-filesystem versions prior to 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
Credit: meissner@suse.de
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Opensuse Texlive-filesystem | <2017.135-9.5.1 | |
| SUSE Linux Enterprise Desktop | =15-sp1 | |
| Opensuse Texlive-filesystem | <2013.74-16.5.1 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =12-sp5 | |
| Opensuse Texlive-filesystem | ||
| SUSE Linux Enterprise Desktop | =15 | |
| Opensuse Texlive-filesystem | <2017.135-lp151.8.3.1 | |
| openSUSE Leap | =15.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-8016?
CVE-2020-8016 is a Race Condition Enabling Link Following vulnerability in the packaging of texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1.
Which software versions are affected by CVE-2020-8016?
CVE-2020-8016 affects texlive-filesystem of Opensuse versions 2017.135-9.5.1 and 2013.74-16.5.1, SUSE Linux Enterprise Desktop 15 SP1, SUSE Linux Enterprise Software Development Kit 12 SP4, SUSE Linux Enterprise Software Development Kit 12 SP5, and openSUSE Leap 15.1.
What is the severity of CVE-2020-8016?
CVE-2020-8016 has a severity value of 7, indicating a high severity.
How can I fix CVE-2020-8016?
To fix CVE-2020-8016, update your texlive-filesystem package to a non-vulnerable version provided by your vendor.
Where can I find more information about CVE-2020-8016?
You can find more information about CVE-2020-8016 on the OpenSUSE security announcement and the Bugzilla page.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/weakness
- agent/author
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/opensuse
- canonical/opensuse texlive-filesystem
- vendor/suse
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/15-sp1
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/12-sp4
- version/suse linux enterprise software development kit/12-sp5
- version/suse linux enterprise desktop/15
- canonical/opensuse leap
- version/opensuse leap/15.1