SUSE-SU-2020:2729-1

Опубликовано: 23 сент. 2020

Источник: suse-cvrf

Описание

Security update for cifs-utils

This update for cifs-utils fixes the following issues:

CVE-2020-14342: Fixed a shell command injection vulnerability in mount.cifs (bsc#1174477).
Fixed an invalid free in mount.cifs; (bsc#1152930).

Список пакетов

Image SLES15-SP1-Azure-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Azure-HPC-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP1-CHOST-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP1-CHOST-BYOS-EC2

cifs-utils-6.9-5.6.1

Image SLES15-SP1-CHOST-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-EC2-HVM-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-GCE-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

cifs-utils-6.9-5.6.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

cifs-utils-6.9-5.6.1

Image SLES15-SP1-OCI-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-Azure-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-GCE-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAP-OCI-BYOS

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAPCAL-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAPCAL-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP1-SAPCAL-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Azure-Basic

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Azure-Standard

cifs-utils-6.9-5.6.1

Image SLES15-SP2-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-CAP-Deployment-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

cifs-utils-6.9-5.6.1

Image SLES15-SP2-CHOST-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-CHOST-BYOS-EC2

cifs-utils-6.9-5.6.1

Image SLES15-SP2-CHOST-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-EC2-ECS-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-HPC-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-HPC-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP2-SAP-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

cifs-utils-6.9-5.6.1

Image SLES15-SP3-CHOST-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-CHOST-BYOS-EC2

cifs-utils-6.9-5.6.1

Image SLES15-SP3-CHOST-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

cifs-utils-6.9-5.6.1

Image SLES15-SP3-EC2-ECS-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-HPC-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-HPC-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-HPC-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-BYOS-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-BYOS-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAP-GCE

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAPCAL-Azure

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAPCAL-EC2-HVM

cifs-utils-6.9-5.6.1

Image SLES15-SP3-SAPCAL-GCE

cifs-utils-6.9-5.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP1

cifs-utils-6.9-5.6.1

cifs-utils-devel-6.9-5.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

cifs-utils-6.9-5.6.1

cifs-utils-devel-6.9-5.6.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20202729-1/
Link for SUSE-SU-2020:2729-1
https://lists.suse.com/pipermail/sle-security-updates/2020-September/007471.html
E-Mail link for SUSE-SU-2020:2729-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1152930
SUSE Bug 1152930
https://bugzilla.suse.com/1174477
SUSE Bug 1174477
https://www.suse.com/security/cve/CVE-2020-14342/
SUSE CVE CVE-2020-14342 page

Описание

It was found that cifs-utils' mount.cifs was invoking a shell when requesting the Samba password, which could be used to inject arbitrary commands. An attacker able to invoke mount.cifs with special permission, such as via sudo rules, could use this flaw to escalate their privileges.

Затронутые продукты

Image SLES15-SP1-Azure-BYOS:cifs-utils-6.9-5.6.1

Image SLES15-SP1-Azure-HPC-BYOS:cifs-utils-6.9-5.6.1

Image SLES15-SP1-CAP-Deployment-BYOS-EC2-HVM:cifs-utils-6.9-5.6.1

Image SLES15-SP1-CAP-Deployment-BYOS-GCE:cifs-utils-6.9-5.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-14342.html
CVE-2020-14342
https://bugzilla.suse.com/1174477
SUSE Bug 1174477