ASA-202011-21 log generated external raw

[ASA-202011-21] swtpm: privilege escalation
Arch Linux Security Advisory ASA-202011-21 ========================================== Severity: Medium Date : 2020-11-19 CVE-ID : CVE-2020-28407 Package : swtpm Type : privilege escalation Remote : No Link : Summary ======= The package swtpm before version 0.5.1-1 is vulnerable to privilege escalation. Resolution ========== Upgrade to 0.5.1-1. # pacman -Syu "swtpm>=0.5.1-1" The problem has been fixed upstream in version 0.5.1. Workaround ========== None. Description =========== A potential symbolic link following issue has been found in swtpm before 0.5.1. Impact ====== A malicious file might trick the program to overwrite files and escalate priviledges. References ==========