SUSE-SU-2019:1595-1

Опубликовано: 21 июн. 2019

Источник: suse-cvrf

Описание

Security update for dbus-1

This update for dbus-1 fixes the following issues:

Security issue fixed:

CVE-2019-12749: Fixed an implementation flaw in DBUS_COOKIE_SHA1 which could have allowed local attackers to bypass authentication (bsc#1137832).

Список пакетов

Container bci/bci-init:15.3

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/cilium:1.6.6

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/etcd:3.4.13

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/hyperkube:v1.17.17

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/k8s-sidecar:0.1.75

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/prometheus-alertmanager:0.16.2

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/prometheus-pushgateway:0.6.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/prometheus-server:2.7.1

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/rsyslog:8.39.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/skuba-tooling:0.1.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/6/cephcsi/cephcsi:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/6/rook/ceph:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7.1/ceph/haproxy:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7.1/ceph/keepalived:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7.1/cephcsi/cephcsi:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7.1/rook/ceph:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7/ceph/ceph:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7/ceph/grafana:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7/cephcsi/cephcsi:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container ses/7/rook/ceph:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/pcp:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sle-micro-rancher/5.2:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sle-micro/5.0/toolbox:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sle-micro/5.1/toolbox:latest

libdbus-1-3-1.12.2-8.3.1

Container suse/sle-micro/5.2/toolbox:latest

libdbus-1-3-1.12.2-8.3.1

Container suse/sles/15.2/virt-handler:0.38.1

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sles/15.2/virt-launcher:0.38.1

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sles/15.3/libguestfs-tools:0.45.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sles/15.3/virt-handler:0.45.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container suse/sles/15.3/virt-launcher:0.45.0

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Container trento/trento-db:latest

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-CHOST-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-CHOST-BYOS-EC2

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-CHOST-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-EC2-ECS-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-EC2-HVM

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-HPC-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-HPC-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-HPC-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-1-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-1-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-2-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-5-2-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-Micro-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-Azure

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-BYOS-Azure

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-BYOS-GCE

dbus-1-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

Image SLES15-SP3-SAP-EC2-HVM

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-SAP-GCE

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-SAPCAL-Azure

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-SAPCAL-EC2-HVM

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Image SLES15-SP3-SAPCAL-GCE

dbus-1-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

dbus-1-1.12.2-8.3.1

dbus-1-devel-1.12.2-8.3.1

dbus-1-x11-1.12.2-8.3.1

libdbus-1-3-1.12.2-8.3.1

libdbus-1-3-32bit-1.12.2-8.3.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20191595-1/
Link for SUSE-SU-2019:1595-1
https://lists.suse.com/pipermail/sle-security-updates/2019-June/005596.html
E-Mail link for SUSE-SU-2019:1595-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1137832
SUSE Bug 1137832
https://www.suse.com/security/cve/CVE-2019-12749/
SUSE CVE CVE-2019-12749 page

Описание

dbus before 1.10.28, 1.12.x before 1.12.16, and 1.13.x before 1.13.12, as used in DBusServer in Canonical Upstart in Ubuntu 14.04 (and in some, less common, uses of dbus-daemon), allows cookie spoofing because of symlink mishandling in the reference implementation of DBUS_COOKIE_SHA1 in the libdbus library. (This only affects the DBUS_COOKIE_SHA1 authentication mechanism.) A malicious client with write access to its own home directory could manipulate a ~/.dbus-keyrings symlink to cause a DBusServer with a different uid to read and write in unintended locations. In the worst case, this could result in the DBusServer reusing a cookie that is known to the malicious client, and treating that cookie as evidence that a subsequent client connection came from an attacker-chosen uid, allowing authentication bypass.

Затронутые продукты

Container bci/bci-init:15.3:dbus-1-1.12.2-8.3.1

Container bci/bci-init:15.3:libdbus-1-3-1.12.2-8.3.1

Container caasp/v4/cilium:1.6.6:dbus-1-1.12.2-8.3.1

Container caasp/v4/cilium:1.6.6:libdbus-1-3-1.12.2-8.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-12749.html
CVE-2019-12749
https://bugzilla.suse.com/1137832
SUSE Bug 1137832

SUSE-SU-2019:1595-1

Описание

Список пакетов

Container bci/bci-init:15.3

Container caasp/v4/cilium:1.6.6

Container caasp/v4/etcd:3.4.13

Container caasp/v4/hyperkube:v1.17.17

Container caasp/v4/k8s-sidecar:0.1.75

Container caasp/v4/prometheus-alertmanager:0.16.2

Container caasp/v4/prometheus-pushgateway:0.6.0

Container caasp/v4/prometheus-server:2.7.1

Container caasp/v4/rsyslog:8.39.0

Container caasp/v4/skuba-tooling:0.1.0

Container ses/6/cephcsi/cephcsi:latest

Container ses/6/rook/ceph:latest

Container ses/7.1/ceph/haproxy:latest

Container ses/7.1/ceph/keepalived:latest

Container ses/7.1/cephcsi/cephcsi:latest

Container ses/7.1/rook/ceph:latest

Container ses/7/ceph/ceph:latest

Container ses/7/ceph/grafana:latest

Container ses/7/cephcsi/cephcsi:latest

Container ses/7/rook/ceph:latest

Container suse/pcp:latest

Container suse/sle-micro-rancher/5.2:latest

Container suse/sle-micro/5.0/toolbox:latest

Container suse/sle-micro/5.1/toolbox:latest

Container suse/sle-micro/5.2/toolbox:latest

Container suse/sles/15.2/virt-handler:0.38.1

Container suse/sles/15.2/virt-launcher:0.38.1

Container suse/sles/15.3/libguestfs-tools:0.45.0

Container suse/sles/15.3/virt-handler:0.45.0

Container suse/sles/15.3/virt-launcher:0.45.0

Container trento/trento-db:latest

Image SLES15-SP3-BYOS-Azure

Image SLES15-SP3-BYOS-EC2-HVM

Image SLES15-SP3-BYOS-GCE

Image SLES15-SP3-CHOST-BYOS-Aliyun

Image SLES15-SP3-CHOST-BYOS-Azure

Image SLES15-SP3-CHOST-BYOS-EC2

Image SLES15-SP3-CHOST-BYOS-GCE

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

Image SLES15-SP3-EC2-ECS-HVM

Image SLES15-SP3-EC2-HVM

Image SLES15-SP3-GCE

Image SLES15-SP3-HPC-Azure

Image SLES15-SP3-HPC-BYOS-Azure

Image SLES15-SP3-HPC-BYOS-EC2-HVM

Image SLES15-SP3-HPC-BYOS-GCE

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

Image SLES15-SP3-Micro-5-1-BYOS-Azure

Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM

Image SLES15-SP3-Micro-5-1-BYOS-GCE

Image SLES15-SP3-Micro-5-2-BYOS-Azure

Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM

Image SLES15-SP3-Micro-5-2-BYOS-GCE

Image SLES15-SP3-Micro-BYOS-GCE

Image SLES15-SP3-SAP-Azure

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-BYOS-Azure

Image SLES15-SP3-SAP-BYOS-EC2-HVM

Image SLES15-SP3-SAP-BYOS-GCE

Image SLES15-SP3-SAP-EC2-HVM

Image SLES15-SP3-SAP-GCE

Image SLES15-SP3-SAPCAL-Azure

Image SLES15-SP3-SAPCAL-EC2-HVM

Image SLES15-SP3-SAPCAL-GCE

SUSE Linux Enterprise Module for Basesystem 15 SP1

Ссылки

Уязвимость: CVE-2019-12749

Описание

Затронутые продукты

Ссылки