SuSE 10 Security Update : YaST2 (ZYPP Patch Number 4623)
High Nessus Plugin ID 29613
SynopsisThe remote SuSE 10 host is missing a security-related patch.
DescriptionThis update fixes a security bug in yast2-core that allowed local attackers to provide malicious yast2 modules to yast2 that are executed with root privileges. To trigger this vulnerability root has to execute yast2 in an untrusted directory (i.e. /tmp). Thanks to Stefan Nordhausen for reporting this to us.
SolutionApply ZYPP patch number 4623.