Debian update for tmpreaper

Published: 2019-01-11 16:38:11
Severity Low
Patch available YES
Number of vulnerabilities 1
CVE ID CVE-2019-3461
CVSSv3 6.8 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CWE ID CWE-362
Exploitation vector Local
Public exploit N/A
Vulnerable software tmpreaper (Debian package)
Vulnerable software versions tmpreaper (Debian package) 1.6.0
tmpreaper (Debian package) 1.6.1
tmpreaper (Debian package) 1.6.2

Show more

Vendor URL Debian

Security Advisory

1) Race condition

Description

The vulnerability allows a local attacker to gain elevated privileges on the target system.

The vulnerability exists due to race condition. A local attacker can gain elevated privileges to conduct further attacks.

Remediation

Update the affected package to version: 1.6.13+nmu1+deb9u1

External links

https://www.debian.org/security/2019/dsa-4365

Back to List