Описание
Security update for aws-cli
This update for aws-cli to version 1.16.297 fixes the following issues:
Security issue fixed:
- CVE-2018-15869: Fixed an permission handling issue where an unexpected AMI could potentially be used (bsc#1105988).
Non-security issues fixed:
- Fixed an issue with the CLI client, where a ModuleNotFoundError was triggered (bsc#1092493).
Список пакетов
HPE Helion OpenStack 8
aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-BYOS
aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-ECS-On-Demand
aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-On-Demand
aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-SAP-BYOS
aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-SAP-On-Demand
aws-cli-1.16.297-22.11.1
SUSE Linux Enterprise Module for Public Cloud 12
aws-cli-1.16.297-22.11.1
SUSE OpenStack Cloud 8
aws-cli-1.16.297-22.11.1
SUSE OpenStack Cloud Crowbar 8
aws-cli-1.16.297-22.11.1
Ссылки
- Link for SUSE-SU-2020:0251-1
- E-Mail link for SUSE-SU-2020:0251-1
- SUSE Security Ratings
- SUSE Bug 1092493
- SUSE Bug 1105988
- SUSE Bug 1118021
- SUSE Bug 1118024
- SUSE Bug 1118099
- SUSE CVE CVE-2018-15869 page
Описание
An Amazon Web Services (AWS) developer who does not specify the --owners flag when describing images via AWS CLI, and therefore not properly validating source software per AWS recommended security best practices, may unintentionally load an undesired and potentially malicious Amazon Machine Image (AMI) from the uncurated public community AMI catalog.
Затронутые продукты
HPE Helion OpenStack 8:aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-BYOS:aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-ECS-On-Demand:aws-cli-1.16.297-22.11.1
Image SLES12-SP5-EC2-On-Demand:aws-cli-1.16.297-22.11.1
Ссылки
- CVE-2018-15869
- SUSE Bug 1105988