SUSE-SU-2021:0551-1

Опубликовано: 23 фев. 2021

Источник: suse-cvrf

Описание

Security update for avahi

This update for avahi fixes the following issues:

CVE-2021-26720: drop privileges when invoking avahi-daemon-check-dns.sh (bsc#1180827)
Update avahi-daemon-check-dns.sh from Debian. Our previous version relied on ifconfig, route, and init.d.
Add sudo to requires: used to drop privileges.

Список пакетов

Container suse/pcp:latest

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Container suse/sle-micro-rancher/5.2:latest

avahi-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-core7-0.7-3.6.1

Image SLES15-SP1-Azure-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Azure-HPC-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-CHOST-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-CHOST-BYOS-EC2

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-CHOST-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-EC2-HVM-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-GCE-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Proxy

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-Azure-BYOS-Server

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Proxy

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-EC2-HVM-BYOS-Server

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Proxy

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-Manager-4-0-GCE-BYOS-Server

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-OCI-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-Azure-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP1-SAP-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-GCE-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAP-OCI-BYOS

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP1-SAPCAL-Azure

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP1-SAPCAL-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP1-SAPCAL-GCE

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP2-Azure-Basic

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Azure-Standard

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-CHOST-BYOS-Aliyun

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-CHOST-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-CHOST-BYOS-EC2

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-CHOST-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-EC2-ECS-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-HPC-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-HPC-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-HPC-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Proxy-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-Manager-4-1-Server-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP2-SAP-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP2-SAP-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-CHOST-BYOS-Aliyun

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-CHOST-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-CHOST-BYOS-EC2

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-CHOST-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-CHOST-BYOS-SAP-CCloud

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-EC2-ECS-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-HPC-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-HPC-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-HPC-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-HPC-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-SAP-Azure

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libdns_sd-0.7-3.6.1

Image SLES15-SP3-SAP-BYOS-Azure

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-SAP-BYOS-GCE

libavahi-client3-0.7-3.6.1

libavahi-common3-0.7-3.6.1

Image SLES15-SP3-SAP-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-SAP-GCE

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-SAPCAL-Azure

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-SAPCAL-EC2-HVM

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

Image SLES15-SP3-SAPCAL-GCE

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

SUSE Linux Enterprise Module for Basesystem 15 SP2

avahi-0.7-3.6.1

avahi-compat-howl-devel-0.7-3.6.1

avahi-compat-mDNSResponder-devel-0.7-3.6.1

avahi-lang-0.7-3.6.1

avahi-utils-0.7-3.6.1

libavahi-client3-0.7-3.6.1

libavahi-client3-32bit-0.7-3.6.1

libavahi-common3-0.7-3.6.1

libavahi-common3-32bit-0.7-3.6.1

libavahi-core7-0.7-3.6.1

libavahi-devel-0.7-3.6.1

libavahi-glib-devel-0.7-3.6.1

libavahi-glib1-0.7-3.6.1

libavahi-gobject0-0.7-3.6.1

libavahi-ui-gtk3-0-0.7-3.6.1

libavahi-ui0-0.7-3.6.1

libdns_sd-0.7-3.6.1

libhowl0-0.7-3.6.1

typelib-1_0-Avahi-0_6-0.7-3.6.1

SUSE Linux Enterprise Module for Desktop Applications 15 SP2

avahi-autoipd-0.7-3.6.1

avahi-utils-gtk-0.7-3.6.1

libavahi-gobject-devel-0.7-3.6.1

SUSE Linux Enterprise Module for Package Hub 15 SP2

python3-avahi-0.7-3.6.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210551-1/
Link for SUSE-SU-2021:0551-1
https://lists.suse.com/pipermail/sle-security-updates/2021-February/008360.html
E-Mail link for SUSE-SU-2021:0551-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180827
SUSE Bug 1180827
https://www.suse.com/security/cve/CVE-2021-26720/
SUSE CVE CVE-2021-26720 page

Описание

avahi-daemon-check-dns.sh in the Debian avahi package through 0.8-4 is executed as root via /etc/network/if-up.d/avahi-daemon, and allows a local attacker to cause a denial of service or create arbitrary empty files via a symlink attack on files under /run/avahi-daemon. NOTE: this only affects the packaging for Debian GNU/Linux (used indirectly by SUSE), not the upstream Avahi product.

Затронутые продукты

Container suse/pcp:latest:libavahi-client3-0.7-3.6.1

Container suse/pcp:latest:libavahi-common3-0.7-3.6.1

Container suse/sle-micro-rancher/5.2:latest:avahi-0.7-3.6.1

Container suse/sle-micro-rancher/5.2:latest:libavahi-common3-0.7-3.6.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-26720.html
CVE-2021-26720
https://bugzilla.suse.com/1180827
SUSE Bug 1180827
https://bugzilla.suse.com/1180865
SUSE Bug 1180865
https://bugzilla.suse.com/1181852
SUSE Bug 1181852
https://bugzilla.suse.com/1186412
SUSE Bug 1186412
https://bugzilla.suse.com/1205048
SUSE Bug 1205048