oss-sec mailing list archives
Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector
From: Matthias Gerstner <mgerstner () suse de>
Date: Mon, 27 Jan 2020 10:43:58 +0100
I've informed the upstream maintainer about this issue on 2019-11-13 and discussed various aspects of a suitable security fix with him. No agreement on a suitable publication date for this finding or a final patch could be achieved and I did not hear back for around a month by now.
I've been informed by a third party that an upstream release sarg-2.4.0 [1] containing a fix [2] is now available.

[1]: https://sourceforge.net/projects/sarg/files/sarg/sarg-2.4.0/
[2]: https://sourceforge.net/p/sarg/code/ci/8ec6d20be8c0da3c885aba78e63251f2e5080748
Current thread:
- CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector Matthias Gerstner (Jan 20)
- Re: CVE-2019-18932: sarg: insecure usage of /tmp/sarg allows privilege escalation / DoS attack vector Matthias Gerstner (Jan 27)