Security update for lynis SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2017:1595-1 Final 1 1 2017-06-18T20:22:52Z current 2017-06-18T20:22:52Z 2017-06-18T20:22:52Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for lynis This update for lynis fixes the following issues: Lynis 2.5.1: * Improved detection of SSL certificate files * Minor changes to improve logging and results * Firewall tests: Determine if CSF is in testing mode The Update also includes changes from Lynis 2.5.0: * CVE-2017-8108: symlink attack may have allowed arbitrary file overwrite or privilege escalation (boo#1043463) * Deleted unused tests from database file * Additional sysctls are tested * Extended test with Symantec components * Snort detection * Snort configuration file The update also includes Lynis 2.4.8 (Changelog from 2.4.1) * More PHP paths added * Minor changes to text * Show atomic test in report * Added FileInstalledByPackage function (dpkg and rpm supported) * Mark Arch Linux version as rolling release (instead of unknown) * Support for Manjaro Linux * Escape files when testing if they are readable * Code cleanups * Allow host alias to be specified in profile * Code readability enhancements * Solaris support has been improved * Fix for upload function to be used from profile * Reduce screen output for mail section, unless --verbose is used * Code cleanups and removed 'update release' command * Colored output can now be tuned with profile (colors=yes/no) * Allow data upload to be set as a profile option * Properly detect SSH daemon version * Generic code improvements * Improved the update check and display * Finish, Portuguese, and Turkish translation * Extended support and tests for DragonFlyBSD * Option to configure hostid and hostid2 in profile * Support for Trend Micro and Cylance (macOS) * Remove comments at end of nginx configuration * Used machine ID to create host ID when no SSH keys are available * Added detection of iptables-save to binaries And Lynis 2.4.0 * Mainly improved support for macOS users * Support for CoreOS * Support for clamconf utility * Support for chinese translation * More sysctl values in the default profile * New commands: 'upload-only', 'show hostids', 'show environment', 'show os' The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2017-06/msg00062.html E-Mail link for openSUSE-SU-2017:1595-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.2 lynis-2.5.1-2.3.1 lynis-2.5.1-2.3.1 as a component of openSUSE Leap 42.2 Unspecified tests in Lynis before 2.5.0 allow local users to write to arbitrary files or possibly gain privileges via a symlink attack on a temporary file. CVE-2017-8108 openSUSE Leap 42.2:lynis-2.5.1-2.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-updates/2017-06/msg00062.html https://www.suse.com/security/cve/CVE-2017-8108.html CVE-2017-8108 https://bugzilla.suse.com/1043463 SUSE Bug 1043463