Project

General

Profile

Actions
Copy link

action #61314

closed

Security Audit

Added by lnussel about 5 years ago. Updated over 4 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
jsegitz
Category:
Security
Target version:
RC
Start date:
2020-04-02
Due date:
2020-06-16
% Done:

0%

Estimated time:

Description

Security needs to take a look at the current snapshot

Related issues 1 (0 open1 closed)

Copied from openSUSE Leap 15.1 - action #47561: Security AuditResolvedjsegitz2019-04-112019-04-26

Actions
Actions
Copy link
 #1

Updated by lnussel about 5 years ago

Actions
Copy link
 #2

Updated by jsegitz almost 5 years ago

  • Assignee set to jsegitz
Actions
Copy link
 #4

Updated by jsegitz over 4 years ago

  • Due date changed from 2020-04-17 to 2020-05-21

Moving due to changed timeline

Actions
Copy link
 #5

Updated by lkocman over 4 years ago

Any update?

Actions
Copy link
 #6

Updated by jsegitz over 4 years ago

  • Due date changed from 2020-05-21 to 2020-06-16
Actions
Copy link
 #7

Updated by jsegitz over 4 years ago

I'll finish this today

Actions
Copy link
 #8

Updated by jsegitz over 4 years ago

I'll need at least one more day as I found an issue I want to investigate

Actions
Copy link
 #9

Updated by jsegitz over 4 years ago

  • Status changed from New to Feedback

The same issue exists in 15.1. kdeconnect is listening by default on port 1716 and I think it might have an exploitable flaw. I'll track that in a Bugzilla entry once I figured it out. By default the systems aren't vulnerable due to the firewall, but it's still not great.

Disabling kdeconnect now probably won't work I assume.

Apart from that I opened a bug to harden the sshd config, but we'll do that in Factory. So from my side it's a go.

Actions
Copy link
 #10

Updated by lkocman over 4 years ago

  • Status changed from Feedback to Resolved

Thank you!

Actions
Copy link

Also available in: Atom PDF