Source: timeshift Version: 19.01+ds-2.1 Severity: important Tags: security upstream Control: found -1 19.01+ds-2
Hi, The following vulnerability was published for timeshift. CVE-2020-10174[0]: | init_tmp in TeeJee.FileSystem.vala in Timeshift before 20.03 unsafely | reuses a preexisting temporary directory in the predictable location | /tmp/timeshift. It follows symlinks in this location or uses | directories owned by unprivileged users. Because Timeshift also | executes scripts under this location, an attacker can attempt to win a | race condition to replace scripts created by Timeshift with attacker- | controlled scripts. Upon success, an attacker-controlled script is | executed with full root privileges. This logic is practically always | triggered when Timeshift runs regardless of the command-line arguments | used. Note that this seem not to be mitigated by the default enabled fs.protected_symlinks kernel hardening. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2020-10174 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10174 [1] https://www.openwall.com/lists/oss-security/2020/03/06/3 [2] https://bugzilla.suse.com/show_bug.cgi?id=1165802 [3] https://github.com/teejee2008/timeshift/commit/335b3d5398079278b8f7094c77bfd148b315b462 Regards, Salvatore
