Описание
Security update for nfs-utils
This update for nfs-utils fixes the following issues:
- CVE-2019-3689: Fixed root-owned files stored in insecure /var/lib/nfs. (bsc#1150733)
Список пакетов
Container ses/6/cephcsi/cephcsi:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/6/rook/ceph:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/7.1/cephcsi/cephcsi:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/7.1/rook/ceph:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/7/ceph/ceph:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/7/cephcsi/cephcsi:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container ses/7/rook/ceph:latest
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container suse/sle-micro-rancher/5.2:latest
nfs-client-2.1.1-10.4.1
Container suse/sle-micro-rancher/5.3:latest
nfs-client-2.1.1-10.4.1
Container suse/sle-micro-rancher/5.4:latest
nfs-client-2.1.1-10.4.1
Container suse/sles/15.2/virt-launcher:0.38.1
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container suse/sles/15.3/virt-launcher:0.45.0
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Container suse/sles/15.4/virt-launcher:0.49.0
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-BYOS-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
nfs-client-2.1.1-10.4.1
Image SLES15-SP3-CHOST-BYOS-Azure
nfs-client-2.1.1-10.4.1
Image SLES15-SP3-CHOST-BYOS-EC2
nfs-client-2.1.1-10.4.1
Image SLES15-SP3-CHOST-BYOS-GCE
nfs-client-2.1.1-10.4.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
nfs-client-2.1.1-10.4.1
Image SLES15-SP3-EC2-ECS-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-HPC-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-HPC-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-HPC-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAP-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAPCAL-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAPCAL-EC2-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP3-SAPCAL-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Azure-Basic
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Azure-Standard
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS-Aliyun
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS-Azure
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS-EC2
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS-GCE
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-CHOST-BYOS-SAP-CCloud
nfs-client-2.1.1-10.4.1
Image SLES15-SP4-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-EC2-ECS-HVM
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-HPC-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Hardened-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Hardened-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Hardened-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Hardened-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Azure-LI-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Azure-LI-BYOS-Production
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-BYOS
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-BYOS-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-BYOS-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-BYOS-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAP-Hardened-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAPCAL
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAPCAL-Azure
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAPCAL-EC2
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Image SLES15-SP4-SAPCAL-GCE
nfs-client-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
nfs-client-2.1.1-10.4.1
nfs-doc-2.1.1-10.4.1
nfs-kernel-server-2.1.1-10.4.1
Ссылки
- Link for SUSE-SU-2019:2782-1
- E-Mail link for SUSE-SU-2019:2782-1
- SUSE Security Ratings
- SUSE Bug 1150733
- SUSE CVE CVE-2019-3689 page
Описание
The nfs-utils package in SUSE Linux Enterprise Server 12 before and including version 1.3.0-34.18.1 and in SUSE Linux Enterprise Server 15 before and including version 2.1.1-6.10.2 the directory /var/lib/nfs is owned by statd:nogroup. This directory contains files owned and managed by root. If statd is compromised, it can therefore trick processes running with root privileges into creating/overwriting files anywhere on the system.
Затронутые продукты
Container ses/6/cephcsi/cephcsi:latest:nfs-client-2.1.1-10.4.1
Container ses/6/cephcsi/cephcsi:latest:nfs-kernel-server-2.1.1-10.4.1
Container ses/6/rook/ceph:latest:nfs-client-2.1.1-10.4.1
Container ses/6/rook/ceph:latest:nfs-kernel-server-2.1.1-10.4.1
Ссылки
- CVE-2019-3689
- SUSE Bug 1150733