Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0545-1

Опубликовано: 28 фев. 2020
Источник: suse-cvrf

Описание

Security update for permissions

This update for permissions fixes the following issues:

Security issues fixed:

  • CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

  • Fixed a regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594).
  • Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

Список пакетов

Container caasp/v4/nginx-ingress-controller:beta1
permissions-2015.09.28.1626-17.27.1
Container suse/sles12sp3:latest
permissions-2015.09.28.1626-17.27.1
HPE Helion OpenStack 8
permissions-2015.09.28.1626-17.27.1
SUSE Enterprise Storage 5
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server 12 SP2-BCL
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server 12 SP2-LTSS
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server 12 SP3-BCL
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server 12 SP3-LTSS
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
permissions-2015.09.28.1626-17.27.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
permissions-2015.09.28.1626-17.27.1
SUSE OpenStack Cloud 7
permissions-2015.09.28.1626-17.27.1
SUSE OpenStack Cloud 8
permissions-2015.09.28.1626-17.27.1
SUSE OpenStack Cloud Crowbar 8
permissions-2015.09.28.1626-17.27.1

Ссылки

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Затронутые продукты
Container caasp/v4/nginx-ingress-controller:beta1:permissions-2015.09.28.1626-17.27.1
Container suse/sles12sp3:latest:permissions-2015.09.28.1626-17.27.1
HPE Helion OpenStack 8:permissions-2015.09.28.1626-17.27.1
SUSE Enterprise Storage 5:permissions-2015.09.28.1626-17.27.1
Ссылки
Уязвимость SUSE-SU-2020:0545-1