Description
Security update for permissions
This update for permissions fixes the following issues:
- CVE-2019-3688: Changed the wrong ownership of /usr/sbin/pinger to root:squid; the previous ownership could have allowed a squid user to gain persistence by changing the binary (bsc#1093414).
- CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734).
- Fixed a regression which caused segmentation fault (bsc#1157198).
Package list
Container caasp/v4/nginx-ingress-controller:beta1
permissions-2015.09.28.1626-17.20.1
Container suse/sles12sp3:latest
permissions-2015.09.28.1626-17.20.1
HPE Helion OpenStack 8
permissions-2015.09.28.1626-17.20.1
SUSE Enterprise Storage 5
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server 12 SP2-BCL
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server 12 SP2-LTSS
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server 12 SP3-BCL
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server 12 SP3-LTSS
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
permissions-2015.09.28.1626-17.20.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
permissions-2015.09.28.1626-17.20.1
SUSE OpenStack Cloud 7
permissions-2015.09.28.1626-17.20.1
SUSE OpenStack Cloud 8
permissions-2015.09.28.1626-17.20.1
SUSE OpenStack Cloud Crowbar 8
permissions-2015.09.28.1626-17.20.1
References
- Link for SUSE-SU-2019:3180-1
- E-Mail link for SUSE-SU-2019:3180-1
- SUSE Security Ratings
- SUSE Bug 1093414
- SUSE Bug 1150734
- SUSE Bug 1157198
- SUSE CVE CVE-2019-3688 page
- SUSE CVE CVE-2019-3690 page
Description
The /usr/sbin/pinger binary packaged with squid in SUSE Linux Enterprise Server 15 before and including version 4.8-5.8.1 and in SUSE Linux Enterprise Server 12 before and including 3.5.21-26.17.1 had squid:root, 0750 permissions. This allowed an attacker who had compromised the squid user to gain persistence by changing the binary.
Affected products
Container caasp/v4/nginx-ingress-controller:beta1:permissions-2015.09.28.1626-17.20.1
Container suse/sles12sp3:latest:permissions-2015.09.28.1626-17.20.1
HPE Helion OpenStack 8:permissions-2015.09.28.1626-17.20.1
SUSE Enterprise Storage 5:permissions-2015.09.28.1626-17.20.1
References
- CVE-2019-3688
- SUSE Bug 1093414
- SUSE Bug 1149108
Description
The chkstat tool in the permissions package followed symlinks before commit a9e1d26cd49ef9ee0c2060c859321128a6dd4230 (please also check the additional hardenings after this fix). This allowed local attackers with control over a path that is traversed by chkstat to escalate privileges.
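The general hardening for this bug class, shown as an added example (it is not chkstat's code and not the change made in the commit named above): a privileged tool walks the path one component at a time, refuses symlinks at each step, and applies the mode to the descriptor it opened rather than to the path. The function names `open_nofollow` and `set_mode_nofollow` are hypothetical, and a POSIX.1-2008 system is assumed.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open an absolute path one component at a time and refuse symlinks at every
 * step. Returns an fd for the final component, or -1 with errno set. */
int open_nofollow(const char *path)
{
    char buf[PATH_MAX], *save = NULL;
    if (path[0] != '/' || strlen(path) >= sizeof buf) { errno = EINVAL; return -1; }
    strcpy(buf, path);
    int fd = open("/", O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    for (char *c = strtok_r(buf, "/", &save); fd >= 0 && c; c = strtok_r(NULL, "/", &save)) {
        if (strcmp(c, "..") == 0) { close(fd); errno = EINVAL; return -1; }
        /* O_NOFOLLOW: fail instead of resolving a symlink in this component.
         * O_NONBLOCK: do not hang on a FIFO. (On Linux, O_PATH would also
         * avoid needing read permission and avoid opening device nodes.) */
        int next = openat(fd, c, O_RDONLY | O_NOFOLLOW | O_NONBLOCK | O_CLOEXEC);
        int saved = errno;
        close(fd);
        errno = saved;
        fd = next;
    }
    return fd;
}

/* Change the mode of the inode that was actually opened, so swapping a path
 * component afterwards cannot redirect the change to another file. */
int set_mode_nofollow(const char *path, mode_t mode)
{
    int fd = open_nofollow(path);
    if (fd < 0) return -1;
    int rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

int main(int argc, char **argv)
{
    if (argc != 3) { fprintf(stderr, "usage: %s /abs/path octal-mode\n", argv[0]); return 2; }
    if (set_mode_nofollow(argv[1], (mode_t)strtoul(argv[2], NULL, 8)) != 0) { perror(argv[1]); return 1; }
    return 0;
}
```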
Affected products
Container caasp/v4/nginx-ingress-controller:beta1:permissions-2015.09.28.1626-17.20.1
Container suse/sles12sp3:latest:permissions-2015.09.28.1626-17.20.1
HPE Helion OpenStack 8:permissions-2015.09.28.1626-17.20.1
SUSE Enterprise Storage 5:permissions-2015.09.28.1626-17.20.1
References
- CVE-2019-3690
- SUSE Bug 1148336
- SUSE Bug 1150734
- SUSE Bug 1157880
- SUSE Bug 1157883
- SUSE Bug 1160594
- SUSE Bug 1160764
- SUSE Bug 1163922