openSUSE Security Update : backintime (openSUSE-2017-525)
High Nessus Plugin ID 99751
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update for backintime to version 1.1.20 fixes several issues.
These security issues were fixed :
- CVE-2017-7572: The _checkPolkitPrivilege function in serviceHelper.py in backintime used a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use) (bsc#1032717).
- Don't store passwords given to polkit helper
- boo#1007723: General security hardening measures
These non-security issues were fixed :
- Delete udev configuration files on uninstall
- Merge doc subpackage into main package
SolutionUpdate the affected backintime packages.