SUSE-SU-2020:1788-1

Опубликовано: 26 июн. 2020

Источник: suse-cvrf

Описание

Security update for tomcat

This update for tomcat fixes the following issues:

CVE-2020-8022: Fixed a local root exploit due to improper permissions (bsc#1172405)

Список пакетов

SUSE Linux Enterprise Server 12 SP4

tomcat-9.0.35-3.39.1

tomcat-admin-webapps-9.0.35-3.39.1

tomcat-docs-webapp-9.0.35-3.39.1

tomcat-el-3_0-api-9.0.35-3.39.1

tomcat-javadoc-9.0.35-3.39.1

tomcat-jsp-2_3-api-9.0.35-3.39.1

tomcat-lib-9.0.35-3.39.1

tomcat-servlet-4_0-api-9.0.35-3.39.1

tomcat-webapps-9.0.35-3.39.1

SUSE Linux Enterprise Server 12 SP5

tomcat-9.0.35-3.39.1

tomcat-admin-webapps-9.0.35-3.39.1

tomcat-docs-webapp-9.0.35-3.39.1

tomcat-el-3_0-api-9.0.35-3.39.1

tomcat-javadoc-9.0.35-3.39.1

tomcat-jsp-2_3-api-9.0.35-3.39.1

tomcat-lib-9.0.35-3.39.1

tomcat-servlet-4_0-api-9.0.35-3.39.1

tomcat-webapps-9.0.35-3.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

tomcat-9.0.35-3.39.1

tomcat-admin-webapps-9.0.35-3.39.1

tomcat-docs-webapp-9.0.35-3.39.1

tomcat-el-3_0-api-9.0.35-3.39.1

tomcat-javadoc-9.0.35-3.39.1

tomcat-jsp-2_3-api-9.0.35-3.39.1

tomcat-lib-9.0.35-3.39.1

tomcat-servlet-4_0-api-9.0.35-3.39.1

tomcat-webapps-9.0.35-3.39.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

tomcat-9.0.35-3.39.1

tomcat-admin-webapps-9.0.35-3.39.1

tomcat-docs-webapp-9.0.35-3.39.1

tomcat-el-3_0-api-9.0.35-3.39.1

tomcat-javadoc-9.0.35-3.39.1

tomcat-jsp-2_3-api-9.0.35-3.39.1

tomcat-lib-9.0.35-3.39.1

tomcat-servlet-4_0-api-9.0.35-3.39.1

tomcat-webapps-9.0.35-3.39.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20201788-1/
Link for SUSE-SU-2020:1788-1
https://lists.suse.com/pipermail/sle-security-updates/2020-June/007046.html
E-Mail link for SUSE-SU-2020:1788-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172405
SUSE Bug 1172405
https://www.suse.com/security/cve/CVE-2020-8022/
SUSE CVE CVE-2020-8022 page

Описание

A Incorrect Default Permissions vulnerability in the packaging of tomcat on SUSE Enterprise Storage 5, SUSE Linux Enterprise Server 12-SP2-BCL, SUSE Linux Enterprise Server 12-SP2-LTSS, SUSE Linux Enterprise Server 12-SP3-BCL, SUSE Linux Enterprise Server 12-SP3-LTSS, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server 15-LTSS, SUSE Linux Enterprise Server for SAP 12-SP2, SUSE Linux Enterprise Server for SAP 12-SP3, SUSE Linux Enterprise Server for SAP 15, SUSE OpenStack Cloud 7, SUSE OpenStack Cloud 8, SUSE OpenStack Cloud Crowbar 8 allows local attackers to escalate from group tomcat to root. This issue affects: SUSE Enterprise Storage 5 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP2-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-BCL tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP3-LTSS tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server 12-SP4 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 12-SP5 tomcat versions prior to 9.0.35-3.39.1. SUSE Linux Enterprise Server 15-LTSS tomcat versions prior to 9.0.35-3.57.3. SUSE Linux Enterprise Server for SAP 12-SP2 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 12-SP3 tomcat versions prior to 8.0.53-29.32.1. SUSE Linux Enterprise Server for SAP 15 tomcat versions prior to 9.0.35-3.57.3. SUSE OpenStack Cloud 7 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud 8 tomcat versions prior to 8.0.53-29.32.1. SUSE OpenStack Cloud Crowbar 8 tomcat versions prior to 8.0.53-29.32.1.

Затронутые продукты

SUSE Linux Enterprise Server 12 SP4:tomcat-9.0.35-3.39.1

SUSE Linux Enterprise Server 12 SP4:tomcat-admin-webapps-9.0.35-3.39.1

SUSE Linux Enterprise Server 12 SP4:tomcat-docs-webapp-9.0.35-3.39.1

SUSE Linux Enterprise Server 12 SP4:tomcat-el-3_0-api-9.0.35-3.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8022.html
CVE-2020-8022
https://bugzilla.suse.com/1172405
SUSE Bug 1172405
https://bugzilla.suse.com/1172562
SUSE Bug 1172562

SUSE-SU-2020:1788-1

Описание

Список пакетов

SUSE Linux Enterprise Server 12 SP4

SUSE Linux Enterprise Server 12 SP5

SUSE Linux Enterprise Server for SAP Applications 12 SP4

SUSE Linux Enterprise Server for SAP Applications 12 SP5

Ссылки

Уязвимость: CVE-2020-8022

Описание

Затронутые продукты

Ссылки