Bugzilla – Bug 974845
VUL-0: CVE-2016-3992: cronic: Predictable temporary files
Last modified: 2016-07-05 18:08:54 UTC
CVE-2016-3992

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820331

From: Dmitry Nezhevenko

It looks like cronic uses very predictable temporary files (like /tmp/cronic.out.$$) that depend only on PID:

    OUT=/tmp/cronic.out.$$
    ERR=/tmp/cronic.err.$$
    TRACE=/tmp/cronic.trace.$$

    set +e
    "$@" >$OUT 2>$TRACE
    RESULT=$?
    set -e

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3992
http://seclists.org/oss-sec/2016/q2/44
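For comparison with the PID-based names quoted above, an added example (not cronic's code and not the upstream fix) that captures a command's output in a private directory created by mktemp -d. The helper name run_captured and its report format are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example, not cronic's code: capture a command's output in an
# unpredictable, private scratch directory instead of /tmp/<name>.$$.

# run_captured CMD [ARGS...]
# Hypothetical helper. Stays silent when CMD succeeds without writing to
# stderr; otherwise prints a short report. Returns CMD's exit status.
run_captured() {
    # mktemp -d creates the directory atomically, with a random suffix and
    # owner-only permissions, and fails if the name already exists. A local
    # user therefore cannot pre-create the path or plant a symlink there.
    rc_scratch=$(mktemp -d "${TMPDIR:-/tmp}/cronic.XXXXXXXXXX") || return 127
    rc_out=$rc_scratch/out
    rc_err=$rc_scratch/err

    # Files inside the private directory are safe to open by fixed name.
    rc_status=0
    "$@" >"$rc_out" 2>"$rc_err" || rc_status=$?

    if [ "$rc_status" -ne 0 ] || [ -s "$rc_err" ]; then
        printf '%s\n' "command: $*" "exit status: $rc_status"
        printf '%s\n' '--- stderr ---'
        cat "$rc_err"
        printf '%s\n' '--- stdout ---'
        cat "$rc_out"
    fi

    # Remove the scratch directory before returning the command's status.
    rm -rf -- "$rc_scratch"
    return "$rc_status"
}
```
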
bugbot adjusting priority
Fixed in devel project utilities/cronic by updating from upstream.
openSUSE-SU-2016:1741-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 974845
CVE References: CVE-2016-3992
Sources used:
openSUSE Leap 42.1 (src): cronic-3-5.1
openSUSE 13.2 (src): cronic-3-3.1