Описание
Recommended update for permissions
This update for permissions fixes the following issues:
Security issues fixed:
- CVE-2020-8013: Fixed a missing symlink check. Do not follow symlinks that are the final path element (bsc#1163922).
- Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
Список пакетов
SUSE Linux Enterprise Point of Sale 11 SP3
permissions-2013.1.7-0.6.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS
permissions-2013.1.7-0.6.12.1
Ссылки
- Link for SUSE-RU-2020:14304-1
- E-Mail link for SUSE-RU-2020:14304-1
- SUSE Security Ratings
- SUSE Bug 1160594
- SUSE Bug 1160764
- SUSE Bug 1163922
- SUSE CVE CVE-2020-8013 page
Описание
A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.
Затронутые продукты
SUSE Linux Enterprise Point of Sale 11 SP3:permissions-2013.1.7-0.6.12.1
SUSE Linux Enterprise Server 11 SP4-LTSS:permissions-2013.1.7-0.6.12.1
Ссылки
- CVE-2020-8013
- SUSE Bug 1163922