SUSE-SU-2020:0547-1

Опубликовано: 28 фев. 2020

Источник: suse-cvrf

Описание

Security update for permissions

This update for permissions fixes the following issues:

Security issues fixed:

CVE-2019-3687: Fixed a privilege escalation which could allow a local user to read network traffic if wireshark is installed (bsc#1148788)
CVE-2020-8013: Fixed an issue where chkstat set unintended setuid/capabilities for mrsh and wodim (bsc#1163922).

Non-security issues fixed:

Fixed a regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594).
Fixed capability handling when doing multiple permission changes at once (bsc#1161779).

Список пакетов

Container caasp/v4/389-ds:1.4.2

permissions-20181116-9.23.1

Container caasp/v4/busybox:1.34.1

permissions-20181116-9.23.1

Container caasp/v4/caasp-dex:2.16.0

permissions-20181116-9.23.1

Container caasp/v4/cert-exporter:2.3.0

permissions-20181116-9.23.1

Container caasp/v4/cilium-etcd-operator:2.0.5

permissions-20181116-9.23.1

Container caasp/v4/cilium-init:1.5.3

permissions-20181116-9.23.1

Container caasp/v4/cilium-operator:1.6.6

permissions-20181116-9.23.1

Container caasp/v4/cilium:1.6.6

permissions-20181116-9.23.1

Container caasp/v4/cloud-provider-openstack:1.15.0

permissions-20181116-9.23.1

Container caasp/v4/configmap-reload:0.3.0

permissions-20181116-9.23.1

Container caasp/v4/coredns:1.6.7

permissions-20181116-9.23.1

Container caasp/v4/curl:7.60.0

permissions-20181116-9.23.1

Container caasp/v4/etcd:3.4.13

permissions-20181116-9.23.1

Container caasp/v4/gangway:3.1.0

permissions-20181116-9.23.1

Container caasp/v4/grafana:7.5.12

permissions-20181116-9.23.1

Container caasp/v4/helm-tiller:2.16.12

permissions-20181116-9.23.1

Container caasp/v4/hyperkube:v1.17.17

permissions-20181116-9.23.1

Container caasp/v4/k8s-sidecar:0.1.75

permissions-20181116-9.23.1

Container caasp/v4/kube-state-metrics:1.9.3

permissions-20181116-9.23.1

Container caasp/v4/kubernetes-client:1.17.17

permissions-20181116-9.23.1

Container caasp/v4/kucero:1.3.0

permissions-20181116-9.23.1

Container caasp/v4/kured:1.3.0

permissions-20181116-9.23.1

Container caasp/v4/metrics-server:0.3.6

permissions-20181116-9.23.1

Container caasp/v4/prometheus-alertmanager:0.16.2

permissions-20181116-9.23.1

Container caasp/v4/prometheus-node-exporter:1.1.2

permissions-20181116-9.23.1

Container caasp/v4/prometheus-pushgateway:0.6.0

permissions-20181116-9.23.1

Container caasp/v4/prometheus-server:2.7.1

permissions-20181116-9.23.1

Container caasp/v4/rsyslog:8.39.0

permissions-20181116-9.23.1

Container caasp/v4/skuba-tooling:0.1.0

permissions-20181116-9.23.1

Container caasp/v4/test-update:beta

permissions-20181116-9.23.1

Container caasp/v4/velero-plugin-for-aws:1.0.1

permissions-20181116-9.23.1

Container caasp/v4/velero-plugin-for-gcp:1.0.1

permissions-20181116-9.23.1

Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1

permissions-20181116-9.23.1

Container caasp/v4/velero-restic-restore-helper:1.3.1

permissions-20181116-9.23.1

Container caasp/v4/velero:1.3.1

permissions-20181116-9.23.1

Container ses/6/cephcsi/cephcsi:latest

permissions-20181116-9.23.1

Container ses/6/rook/ceph:latest

permissions-20181116-9.23.1

Container suse/sle15:15.1

permissions-20181116-9.23.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

permissions-20181116-9.23.1

permissions-zypp-plugin-20181116-9.23.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20200547-1/
Link for SUSE-SU-2020:0547-1
https://lists.suse.com/pipermail/sle-security-updates/2020-February/006556.html
E-Mail link for SUSE-SU-2020:0547-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1148788
SUSE Bug 1148788
https://bugzilla.suse.com/1160594
SUSE Bug 1160594
https://bugzilla.suse.com/1160764
SUSE Bug 1160764
https://bugzilla.suse.com/1161779
SUSE Bug 1161779
https://bugzilla.suse.com/1163922
SUSE Bug 1163922
https://www.suse.com/security/cve/CVE-2019-3687/
SUSE CVE CVE-2019-3687 page
https://www.suse.com/security/cve/CVE-2020-8013/
SUSE CVE CVE-2020-8013 page

Описание

The permission package in SUSE Linux Enterprise Server allowed all local users to run dumpcap in the "easy" permission profile and sniff network traffic. This issue affects: SUSE Linux Enterprise Server permissions versions starting from 85c83fef7e017f8ab7f8602d3163786d57344439 to 081d081dcfaf61710bda34bc21c80c66276119aa.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:permissions-20181116-9.23.1

Container caasp/v4/busybox:1.34.1:permissions-20181116-9.23.1

Container caasp/v4/caasp-dex:2.16.0:permissions-20181116-9.23.1

Container caasp/v4/cert-exporter:2.3.0:permissions-20181116-9.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3687.html
CVE-2019-3687
https://bugzilla.suse.com/1148788
SUSE Bug 1148788
https://bugzilla.suse.com/1180102
SUSE Bug 1180102

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in chkstat of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 11 set permissions intended for specific binaries on other binaries because it erroneously followed symlinks. The symlinks can't be controlled by attackers on default systems, so exploitation is difficult. This issue affects: SUSE Linux Enterprise Server 12 permissions versions prior to 2015.09.28.1626-17.27.1. SUSE Linux Enterprise Server 15 permissions versions prior to 20181116-9.23.1. SUSE Linux Enterprise Server 11 permissions versions prior to 2013.1.7-0.6.12.1.

Затронутые продукты

Container caasp/v4/389-ds:1.4.2:permissions-20181116-9.23.1

Container caasp/v4/busybox:1.34.1:permissions-20181116-9.23.1

Container caasp/v4/caasp-dex:2.16.0:permissions-20181116-9.23.1

Container caasp/v4/cert-exporter:2.3.0:permissions-20181116-9.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8013.html
CVE-2020-8013
https://bugzilla.suse.com/1163922
SUSE Bug 1163922

SUSE-SU-2020:0547-1

Описание

Список пакетов

Container caasp/v4/389-ds:1.4.2

Container caasp/v4/busybox:1.34.1

Container caasp/v4/caasp-dex:2.16.0

Container caasp/v4/cert-exporter:2.3.0

Container caasp/v4/cilium-etcd-operator:2.0.5

Container caasp/v4/cilium-init:1.5.3

Container caasp/v4/cilium-operator:1.6.6

Container caasp/v4/cilium:1.6.6

Container caasp/v4/cloud-provider-openstack:1.15.0

Container caasp/v4/configmap-reload:0.3.0

Container caasp/v4/coredns:1.6.7

Container caasp/v4/curl:7.60.0

Container caasp/v4/etcd:3.4.13

Container caasp/v4/gangway:3.1.0

Container caasp/v4/grafana:7.5.12

Container caasp/v4/helm-tiller:2.16.12

Container caasp/v4/hyperkube:v1.17.17

Container caasp/v4/k8s-sidecar:0.1.75

Container caasp/v4/kube-state-metrics:1.9.3

Container caasp/v4/kubernetes-client:1.17.17

Container caasp/v4/kucero:1.3.0

Container caasp/v4/kured:1.3.0

Container caasp/v4/metrics-server:0.3.6

Container caasp/v4/prometheus-alertmanager:0.16.2

Container caasp/v4/prometheus-node-exporter:1.1.2

Container caasp/v4/prometheus-pushgateway:0.6.0

Container caasp/v4/prometheus-server:2.7.1

Container caasp/v4/rsyslog:8.39.0

Container caasp/v4/skuba-tooling:0.1.0

Container caasp/v4/test-update:beta

Container caasp/v4/velero-plugin-for-aws:1.0.1

Container caasp/v4/velero-plugin-for-gcp:1.0.1

Container caasp/v4/velero-plugin-for-microsoft-azure:1.0.1

Container caasp/v4/velero-restic-restore-helper:1.3.1

Container caasp/v4/velero:1.3.1

Container ses/6/cephcsi/cephcsi:latest

Container ses/6/rook/ceph:latest

Container suse/sle15:15.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

Ссылки

Уязвимость: CVE-2019-3687

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2020-8013

Описание

Затронутые продукты

Ссылки