SUSE-SU-2021:0087-1

Опубликовано: 12 янв. 2021

Источник: suse-cvrf

Описание

Security update for crmsh

This update for crmsh fixes the following issue:

CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999).

Список пакетов

Image SLES15-SAP-Azure

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-BYOS

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-LI-BYOS-Production

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-EC2-HVM

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-EC2-HVM-BYOS

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-GCE

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-GCE-BYOS

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-OCI-BYOS

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

SUSE Linux Enterprise High Availability Extension 15

crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210087-1/
Link for SUSE-SU-2021:0087-1
https://lists.suse.com/pipermail/sle-security-updates/2021-January/008182.html
E-Mail link for SUSE-SU-2021:0087-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179999
SUSE Bug 1179999
https://www.suse.com/security/cve/CVE-2020-35459/
SUSE CVE CVE-2020-35459 page

Описание

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-BYOS:crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-LI-BYOS-Production:crmsh-4.2.0+git.1607075079.a25648d8-3.56.1

Image SLES15-SAP-Azure-LI-BYOS-Production:crmsh-scripts-4.2.0+git.1607075079.a25648d8-3.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-35459.html
CVE-2020-35459
https://bugzilla.suse.com/1179999
SUSE Bug 1179999

SUSE-SU-2021:0087-1

Описание

Список пакетов

Image SLES15-SAP-Azure

Image SLES15-SAP-Azure-BYOS

Image SLES15-SAP-Azure-LI-BYOS-Production

Image SLES15-SAP-Azure-VLI-BYOS-Production

Image SLES15-SAP-EC2-HVM

Image SLES15-SAP-EC2-HVM-BYOS

Image SLES15-SAP-GCE

Image SLES15-SAP-GCE-BYOS

Image SLES15-SAP-OCI-BYOS

SUSE Linux Enterprise High Availability Extension 15

Ссылки

Уязвимость: CVE-2020-35459

Описание

Затронутые продукты

Ссылки