Mailinglist Archive: opensuse-updates (113 mails)

< Previous Next >
openSUSE-SU-2017:1124-1: moderate: Security update for backintime
openSUSE Security Update: Security update for backintime

Announcement ID: openSUSE-SU-2017:1124-1
Rating: moderate
References: #1007723 #1032717
Cross-References: CVE-2017-7572
Affected Products:
openSUSE Leap 42.2
openSUSE Leap 42.1

An update that solves one vulnerability and has one errata
is now available.


This update for backintime to version 1.1.20 fixes several issues.

These security issues were fixed:

- CVE-2017-7572: The _checkPolkitPrivilege function in in
backintime used a deprecated polkit authorization method (unix-process)
that is subject to a race condition (time of check, time of use)
- Don't store passwords given to polkit helper
- boo#1007723: General security hardening measures

These non-security issues were fixed:

- Delete udev configuration files on uninstall
- Merge doc subpackage into main package

Patch Instructions:

To install this openSUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:

- openSUSE Leap 42.2:

zypper in -t patch openSUSE-2017-525=1

- openSUSE Leap 42.1:

zypper in -t patch openSUSE-2017-525=1

To bring your system up-to-date, use "zypper patch".

Package List:

- openSUSE Leap 42.2 (noarch):


- openSUSE Leap 42.1 (noarch):



< Previous Next >
This Thread
  • No further messages