An update that fixes two vulnerabilities is now available.
This update for apt-cacher-ng fixes the following issues:
- CVE-2019-18899: Fixed a symlink attack which could allow to overwrite arbitrary data (boo#1157703). - CVE-2020-5202: Fixed an information leak if a local user won a race condition to listen to localhost:3142 (boo#1157706).
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product: