Описание
Security update for sudo
This update for sudo fixes the following issues:
- A Heap-based buffer overflow in sudo could be exploited to allow a user to gain root privileges [bsc#1181090,CVE-2021-3156]
- It was possible for a user to test for the existence of a directory due to a Race Condition in
sudoedit[bsc#1180684,CVE-2021-23239] - A Possible Symlink Attack vector existed in
sudoeditif SELinux was running in permissive mode [bsc#1180685, CVE-2021-23240] - It was possible for a User to enable Debug Settings not Intended for them [bsc#1180687]
Список пакетов
Container ses/6/cephcsi/cephcsi:latest
sudo-1.8.22-4.15.1
Container ses/6/rook/ceph:latest
sudo-1.8.22-4.15.1
Container ses/7/cephcsi/cephcsi:latest
sudo-1.8.22-4.15.1
Container ses/7/rook/ceph:latest
sudo-1.8.22-4.15.1
Container suse/sle-micro/5.0/toolbox:latest
sudo-1.8.22-4.15.1
Image SLES15-Azure-BYOS
sudo-1.8.22-4.15.1
Image SLES15-EC2-CHOST-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-EC2-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-GCE-BYOS
sudo-1.8.22-4.15.1
Image SLES15-OCI-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SAP-Azure
sudo-1.8.22-4.15.1
Image SLES15-SAP-Azure-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SAP-Azure-LI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SAP-Azure-VLI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SAP-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SAP-EC2-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SAP-GCE
sudo-1.8.22-4.15.1
Image SLES15-SAP-GCE-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SAP-OCI-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-Azure-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-Azure-HPC-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-CHOST-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP1-CHOST-BYOS-EC2
sudo-1.8.22-4.15.1
Image SLES15-SP1-CHOST-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP1-EC2-HPC-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-EC2-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-GCE-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy
sudo-1.8.22-4.15.1
Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server
sudo-1.8.22-4.15.1
Image SLES15-SP1-OCI-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-Azure-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-EC2-HVM-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-GCE-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAP-OCI-BYOS
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAPCAL-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAPCAL-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP1-SAPCAL-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-Azure-Basic
sudo-1.8.22-4.15.1
Image SLES15-SP2-Azure-Standard
sudo-1.8.22-4.15.1
Image SLES15-SP2-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-BYOS-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-CHOST-BYOS-Aliyun
sudo-1.8.22-4.15.1
Image SLES15-SP2-CHOST-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-CHOST-BYOS-EC2
sudo-1.8.22-4.15.1
Image SLES15-SP2-CHOST-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-EC2-ECS-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-HPC-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-HPC-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-HPC-BYOS-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-BYOS-Azure
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-BYOS-GCE
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-EC2-HVM
sudo-1.8.22-4.15.1
Image SLES15-SP2-SAP-GCE
sudo-1.8.22-4.15.1
SUSE Enterprise Storage 6
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP2
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Server 15 SP1-BCL
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Server 15 SP1-LTSS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Server 15-LTSS
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Server for SAP Applications 15
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Manager Proxy 4.0
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Manager Retail Branch Server 4.0
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
SUSE Manager Server 4.0
sudo-1.8.22-4.15.1
sudo-devel-1.8.22-4.15.1
Ссылки
- Link for SUSE-SU-2021:0227-1
- E-Mail link for SUSE-SU-2021:0227-1
- SUSE Security Ratings
- SUSE Bug 1180684
- SUSE Bug 1180685
- SUSE Bug 1180687
- SUSE Bug 1181090
- SUSE CVE CVE-2021-23239 page
- SUSE CVE CVE-2021-23240 page
- SUSE CVE CVE-2021-3156 page
Описание
The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Затронутые продукты
Container ses/6/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/6/rook/ceph:latest:sudo-1.8.22-4.15.1
Container ses/7/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/7/rook/ceph:latest:sudo-1.8.22-4.15.1
Ссылки
- CVE-2021-23239
- SUSE Bug 1171722
- SUSE Bug 1180684
Описание
selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.
Затронутые продукты
Container ses/6/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/6/rook/ceph:latest:sudo-1.8.22-4.15.1
Container ses/7/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/7/rook/ceph:latest:sudo-1.8.22-4.15.1
Ссылки
- CVE-2021-23240
- SUSE Bug 1171722
- SUSE Bug 1180685
Описание
Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via "sudoedit -s" and a command-line argument that ends with a single backslash character.
Затронутые продукты
Container ses/6/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/6/rook/ceph:latest:sudo-1.8.22-4.15.1
Container ses/7/cephcsi/cephcsi:latest:sudo-1.8.22-4.15.1
Container ses/7/rook/ceph:latest:sudo-1.8.22-4.15.1
Ссылки
- CVE-2021-3156
- SUSE Bug 1180684
- SUSE Bug 1181090
- SUSE Bug 1181506
- SUSE Bug 1181657
- SUSE Bug 1183936
- SUSE Bug 1218863
- SUSE Bug 1225623