This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote openSUSE host is missing a security update.
This update for backintime to version 1.1.20 fixes several issues.
These security issues were fixed :
- CVE-2017-7572: The _checkPolkitPrivilege function in
serviceHelper.py in backintime used a deprecated polkit
authorization method (unix-process) that is subject to a
race condition (time of check, time of use)
- Don't store passwords given to polkit helper
- boo#1007723: General security hardening measures
These non-security issues were fixed :
- Delete udev configuration files on uninstall
- Merge doc subpackage into main package
See also :
Update the affected backintime packages.
Risk factor :
High / CVSS Base Score : 9.3