SUSE-RU-2020:0603-1

Опубликовано: 06 мар. 2020

Источник: suse-cvrf

Описание

Recommended update for permissions

This update for permissions fixes the following issues:

CVE-2020-8013: Fixed an improper check which could have allowed the setting of unintented setuid bits (bsc#1163922).
Fixed handling of relative directory symlinks in chkstat.
Whitelisted postgres sticky directories (bsc#1123886).
Fixed regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594)
Fixed capability handling when doing multiple permission changes at once (bsc#1161779)

Список пакетов

Container suse/sles12sp4:latest

permissions-20170707-3.21.1

SUSE Linux Enterprise Desktop 12 SP4

permissions-20170707-3.21.1

SUSE Linux Enterprise Server 12 SP4

permissions-20170707-3.21.1

SUSE Linux Enterprise Server 12 SP5

permissions-20170707-3.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

permissions-20170707-3.21.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

permissions-20170707-3.21.1

Ссылки

https://www.suse.com/support/update/announcement/-2020-603/suse-ru-20200603-1/
Link for SUSE-RU-2020:0603-1
https://lists.suse.com/pipermail/sle-updates/2020-March/014045.html
E-Mail link for SUSE-RU-2020:0603-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1123886
SUSE Bug 1123886
https://bugzilla.suse.com/1160594
SUSE Bug 1160594
https://bugzilla.suse.com/1160764
SUSE Bug 1160764
https://bugzilla.suse.com/1161779
SUSE Bug 1161779
https://bugzilla.suse.com/1163922
SUSE Bug 1163922
https://www.suse.com/security/cve/CVE-2020-8013/
SUSE CVE CVE-2020-8013 page

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Затронутые продукты

Container suse/sles12sp4:latest:permissions-20170707-3.21.1

SUSE Linux Enterprise Desktop 12 SP4:permissions-20170707-3.21.1

SUSE Linux Enterprise Server 12 SP4:permissions-20170707-3.21.1

SUSE Linux Enterprise Server 12 SP5:permissions-20170707-3.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8013.html
CVE-2020-8013
https://bugzilla.suse.com/1163922
SUSE Bug 1163922

SUSE-RU-2020:0603-1

Описание

Список пакетов

Container suse/sles12sp4:latest

SUSE Linux Enterprise Desktop 12 SP4

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2020-8013

Описание

Затронутые продукты

Ссылки