Bug 1146784

Summary: AUDIT-FIND: resource-agents: Static tmp file in drbd.linbit
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: nick wang <nwang>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: dakechi, varkoly
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1021689    

Description Johannes Segitz 2019-08-22 08:47:39 UTC 
resource-agents-4.3.018.a7fb5035/tools/ocft/drbd.linbit
 10         DRBDCONF=/tmp/ocft_drbd_tmp.conf
then written in
 37         cat >$DRBDCONF <<EOF
 38         global {

Please create the tmp file in a secure way
Comment 1 Diego Vinicius Akechi 2020-03-18 10:40:10 UTC 
Nick, can you please take a look?
Comment 3 nick wang 2020-03-27 05:57:05 UTC 
Fix is accepted in upstream, refer to https://github.com/ClusterLabs/resource-agents/pull/1468
Comment 7 Swamp Workflow Management 2020-04-23 19:32:48 UTC 
SUSE-SU-2020:1090-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    resource-agents-4.3.0184.6ee15eb2-3.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-04-23 19:35:19 UTC 
SUSE-SU-2020:1089-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    resource-agents-4.3.0184.6ee15eb2-4.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-04-23 19:36:43 UTC 
SUSE-SU-2020:1092-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146776,1146784,1146785,1146787,1146789,1161898
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    resource-agents-4.0.1+git.1495055229.643177f1-2.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 10 Swamp Workflow Management 2020-04-23 19:38:34 UTC 
SUSE-SU-2020:1091-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787,1146789
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    resource-agents-4.3.018.a7fb5035-3.42.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    resource-agents-4.3.018.a7fb5035-3.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 11 Swamp Workflow Management 2020-04-24 19:19:19 UTC 
SUSE-SU-2020:14348-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    resource-agents-3.9.5-50.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 12 Swamp Workflow Management 2020-05-01 22:38:17 UTC 
openSUSE-SU-2020:0585-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    resource-agents-4.3.0184.6ee15eb2-lp151.3.18.1
Comment 13 nick wang 2020-05-14 02:53:23 UTC 
Close due to the requests are merged in SLE.
Free to reopen if still need to track in any cases.
Comment 20 Swamp Workflow Management 2022-07-08 13:17:24 UTC 
SUSE-SU-2022:2337-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787,1196164,1197956,1199766
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    resource-agents-4.4.0+git57.70549516-150200.3.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.