Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2021:0192-1

Опубликовано: 22 янв. 2021
Источник: suse-cvrf

Описание

Security update for hawk2

This update for hawk2 fixes the following issues:

hawk2 was updated to version 2.5.

Security issue fixed:

  • Fixed another possible code execution vulnerability in the controller code (bsc#1179998).

Список пакетов

Image SLES12-SP4-SAP-Azure
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-EC2-HVM
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-EC2-HVM-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-GCE
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-GCE-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-OCI-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-Azure-SAP-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-Azure-SAP-On-Demand
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-EC2-SAP-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-EC2-SAP-On-Demand
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-GCE-SAP-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-GCE-SAP-On-Demand
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
SUSE Linux Enterprise High Availability Extension 12 SP4
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
SUSE Linux Enterprise High Availability Extension 12 SP5
hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1

Ссылки

Описание

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser.

Затронутые продукты
Image SLES12-SP4-SAP-Azure-BYOS:hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure-LI-BYOS-Production:hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production:hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Image SLES12-SP4-SAP-Azure:hawk2-2.5.0+git.1611141696.64c61e0c-3.24.1
Ссылки
Уязвимость SUSE-SU-2021:0192-1