Candidate: CVE-2020-8016
PublicDate: 2020-04-02 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8016
 https://bugzilla.suse.com/show_bug.cgi?id=1159740
Description:
 A Race Condition Enabling Link Following vulnerability in the packaging of
 texlive-filesystem of SUSE Linux Enterprise Module for Desktop Applications
 15-SP1, SUSE Linux Enterprise Software Development Kit 12-SP4, SUSE Linux
 Enterprise Software Development Kit 12-SP5; openSUSE Leap 15.1 allows local
 users to corrupt files or potentially escalate privileges. This issue
 affects: SUSE Linux Enterprise Module for Desktop Applications 15-SP1
 texlive-filesystem versions prior to 2017.135-9.5.1. SUSE Linux Enterprise
 Software Development Kit 12-SP4 texlive-filesystem versions prior to
 2013.74-16.5.1. SUSE Linux Enterprise Software Development Kit 12-SP5
 texlive-filesystem versions prior to 2013.74-16.5.1. openSUSE Leap 15.1
 texlive-filesystem versions prior to 2017.135-lp151.8.3.1.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H [7.0 HIGH]


Patches_texlive-base:
upstream_texlive-base: not-affected (suse packaging)
precise/esm_texlive-base: DNE
trusty_texlive-base: ignored (out of standard support)
trusty/esm_texlive-base: DNE
xenial_texlive-base: not-affected (suse packaging)
esm-infra/xenial_texlive-base: not-affected (suse packaging)
bionic_texlive-base: not-affected (suse packaging)
eoan_texlive-base: not-affected (suse packaging)
devel_texlive-base: not-affected (suse packaging)