CVE-2020-8016: 
Linux openSUSE vulnerability analysis and mitigation

CVE-2020-8016 is a race condition vulnerability discovered in the texlive-filesystem package affecting SUSE Linux Enterprise Module for Desktop Applications 15-SP1 versions prior to 2017.135-9.5.1. The vulnerability exists in the spec file of the package where certain directories are created with sticky bit permissions (OpenSUSE Security).

The vulnerability stems from a race condition in the spec file where directories are created with sticky bit permissions (drwxrwxr-t) and owned by root:mktex. The issue specifically affects directories like /var/cache/texmf/fonts, where files are created with root:mktex ownership but later accessed by nobody:mktex, creating an inconsistency in file ownership and potential security implications (SUSE Bugzilla).

The vulnerability could allow a compromised mktex group member to place symlinks into these directories that would be followed by the shell code, potentially leading to system file corruption. This could be exploited when the mktex group is compromised or exists from an earlier installation (SUSE Bugzilla).

The issue was addressed in a security update for texlive-filesystem. The fix includes harmonizing file ownership and implementing proper security controls for directory access. Users should update to version 2017.135-9.5.1 or later (OpenSUSE Security).