SUSE-SU-2021:0941-1

Опубликовано: 24 мар. 2021

Источник: suse-cvrf

Описание

Security update for hawk2

This update for hawk2 fixes the following issues:

Update to version 2.6.3:
- Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459)
- Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314)
- Sanitize filename to contains whitelist of alphanumeric (bsc#1182165)

Список пакетов

Image SLES15-SAP-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-EC2-HVM

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-EC2-HVM-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-GCE-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-Azure-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-EC2-HVM

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP1-SAP-GCE-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-BYOS-EC2-HVM

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-EC2-HVM

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP2-SAP-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP3-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP3-SAP-BYOS-EC2-HVM

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP3-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP4-SAP-Hardened-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Azure-3P

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP5-SAP-Hardened-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Azure-3P

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Azure-LI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-BYOS

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP6-SAP-Hardened-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Azure-3P

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Azure-LI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Azure-VLI-BYOS-Production

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Hardened-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Hardened-BYOS-Azure

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Hardened-BYOS-EC2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Hardened-BYOS-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SP7-SAP-Hardened-GCE

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

SUSE Linux Enterprise High Availability Extension 15

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

SUSE Linux Enterprise High Availability Extension 15 SP1

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

SUSE Linux Enterprise High Availability Extension 15 SP2

hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210941-1/
Link for SUSE-SU-2021:0941-1
https://lists.suse.com/pipermail/sle-security-updates/2021-March/008543.html
E-Mail link for SUSE-SU-2021:0941-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179999
SUSE Bug 1179999
https://bugzilla.suse.com/1182165
SUSE Bug 1182165
https://bugzilla.suse.com/1182166
SUSE Bug 1182166
https://www.suse.com/security/cve/CVE-2020-35459/
SUSE CVE CVE-2020-35459 page
https://www.suse.com/security/cve/CVE-2021-25314/
SUSE CVE CVE-2021-25314 page

Описание

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-LI-BYOS-Production:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-35459.html
CVE-2020-35459
https://bugzilla.suse.com/1179999
SUSE Bug 1179999

Описание

A Creation of Temporary File With Insecure Permissions vulnerability in hawk2 of SUSE Linux Enterprise High Availability 12-SP3, SUSE Linux Enterprise High Availability 12-SP5, SUSE Linux Enterprise High Availability 15-SP2 allows local attackers to escalate to root. This issue affects: SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9. SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9.

Затронутые продукты

Image SLES15-SAP-Azure-BYOS:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-LI-BYOS-Production:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure-VLI-BYOS-Production:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Image SLES15-SAP-Azure:hawk2-2.6.3+git.1614684118.af555ad9-3.27.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-25314.html
CVE-2021-25314
https://bugzilla.suse.com/1182166
SUSE Bug 1182166
https://bugzilla.suse.com/1183693
SUSE Bug 1183693