Bug 1146787

Summary: AUDIT-FIND: resource-agents: Static tmp file in caselib.in
Product: [Novell Products] SUSE Security Incidents Reporter: Johannes Segitz <jsegitz>
Component: IncidentsAssignee: Peter Varkoly <varkoly>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: varkoly
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard: ibs:running:4161:low ibs:running:14743:important
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Bug Depends on:    
Bug Blocks: 1021689    

Description Johannes Segitz 2019-08-22 08:52:15 UTC 
resource-agents-4.3.018.a7fb5035/tools/ocft/caselib.in
96   setsid $aroot/$agent $cmd >/tmp/.ocft_runlog 2>&1 &

Please use a secure tmp file or log to a different place
Comment 4 Swamp Workflow Management 2020-04-23 19:33:01 UTC 
SUSE-SU-2020:1090-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 15 (src):    resource-agents-4.3.0184.6ee15eb2-3.37.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 5 Swamp Workflow Management 2020-04-23 19:35:31 UTC 
SUSE-SU-2020:1089-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP1 (src):    resource-agents-4.3.0184.6ee15eb2-4.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 6 Swamp Workflow Management 2020-04-23 19:36:55 UTC 
SUSE-SU-2020:1092-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146776,1146784,1146785,1146787,1146789,1161898
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP3 (src):    resource-agents-4.0.1+git.1495055229.643177f1-2.45.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 7 Swamp Workflow Management 2020-04-23 19:38:47 UTC 
SUSE-SU-2020:1091-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787,1146789
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability 12-SP5 (src):    resource-agents-4.3.018.a7fb5035-3.42.1
SUSE Linux Enterprise High Availability 12-SP4 (src):    resource-agents-4.3.018.a7fb5035-3.42.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2020-04-24 19:19:32 UTC 
SUSE-SU-2020:14348-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146784,1146785,1146787
CVE References: 
Sources used:
SUSE Linux Enterprise High Availability Extension 11-SP4 (src):    resource-agents-3.9.5-50.19.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 9 Swamp Workflow Management 2020-05-01 22:38:32 UTC 
openSUSE-SU-2020:0585-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787
CVE References: 
Sources used:
openSUSE Leap 15.1 (src):    resource-agents-4.3.0184.6ee15eb2-lp151.3.18.1
Comment 13 Johannes Segitz 2021-07-09 07:20:22 UTC 
thanks for the submits
Comment 17 Swamp Workflow Management 2022-07-08 13:17:32 UTC 
SUSE-SU-2022:2337-1: An update that contains security fixes can now be installed.

Category: security (important)
Bug References: 1021689,1146687,1146690,1146691,1146692,1146766,1146776,1146784,1146785,1146787,1196164,1197956,1199766
CVE References: 
JIRA References: 
Sources used:
SUSE Linux Enterprise High Availability 15-SP2 (src):    resource-agents-4.4.0+git57.70549516-150200.3.53.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.