http://bugzilla.opensuse.org/show_bug.cgi?id=1154466

Bug ID: 1154466
Summary: VUL-0: CVE-2019-18192: guix: Insecure permissions on Guix profile directory
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.0
Hardware: Other
URL: https://smash.suse.de/issue/245319/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: sleep_walker@opensuse.org
Reporter: atoptsoglou@suse.com
QA Contact: security-team@suse.de
Found By: Security Response Team
Blocker: ---

CVE-2019-18192

GNU Guix 1.0.1 allows local users to gain access to an arbitrary user's account because the parent directory of the user-profile directories is world writable, a similar issue to CVE-2019-17365.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-18192
http://seclists.org/oss-sec/2019/q4/30
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18192
https://issues.guix.gnu.org/issue/37744
https://git.savannah.gnu.org/cgit/guix.git/commit/?id=81c580c8664bfeeb767e2c...
https://guix.gnu.org/blog/2019/insecure-permissions-on-profile-directory-cve...