Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-23
The apt-cacher-ng package of openSUSE Leap 15.1 runs operations in user owned directory /run/apt-cacher-ng with root privileges. This can allow local attackers to influence the outcome of these operations. This issue affects: openSUSE Leap 15.1 apt-cacher-ng versions prior to 3.1-lp151.3.3.1.
| Products | Apt\-Cacher\-Ng, Backports |
| Type | Improper Privilege Management (CWE-269) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugzilla.suse.com/show_bug.cgi?id=1157703
• http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html |