Project

General

Profile

action #61314

Security Audit

Added by lnussel over 1 year ago. Updated about 1 year ago.

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Security
Target version:
Start date:
2020-04-02
Due date:
2020-06-16
% Done:

0%

Estimated time:

Description

Security needs to take a look at the current snapshot


Related issues

Copied from openSUSE Leap 15.1 - action #47561: Security AuditResolved2019-04-112019-04-26

History

#1 Updated by lnussel over 1 year ago

#2 Updated by jsegitz over 1 year ago

  • Assignee set to jsegitz

#4 Updated by jsegitz over 1 year ago

  • Due date changed from 2020-04-17 to 2020-05-21

Moving due to changed timeline

#5 Updated by lkocman about 1 year ago

Any update?

#6 Updated by jsegitz about 1 year ago

  • Due date changed from 2020-05-21 to 2020-06-16

#7 Updated by jsegitz about 1 year ago

I'll finish this today

#8 Updated by jsegitz about 1 year ago

I'll need at least one more day as I found an issue I want to investigate

#9 Updated by jsegitz about 1 year ago

  • Status changed from New to Feedback

The same issue exists in 15.1. kdeconnect is listening by default on port 1716 and I think it might have an exploitable flaw. I'll track that in a Bugzilla entry once I figured it out. By default the systems aren't vulnerable due to the firewall, but it's still not great.

Disabling kdeconnect now probably won't work I assume.

Apart from that I opened a bug to harden the sshd config, but we'll do that in Factory. So from my side it's a go.

#10 Updated by lkocman about 1 year ago

  • Status changed from Feedback to Resolved

Thank you!

Also available in: Atom PDF