exploitDog

SUSE-SU-2021:3875-1

Опубликовано: 02 дек. 2021

Источник: suse-cvrf

Описание

Security update for openssh

This update for openssh fixes the following issues:

CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).

Список пакетов

Image SLES12-SP4-Azure-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP4-EC2-HVM-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP4-GCE-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-Azure

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-Azure-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-Azure-LI-BYOS-Production

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-Azure-VLI-BYOS-Production

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-EC2-HVM

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-EC2-HVM-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-GCE

openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-GCE-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP5-OCI-BYOS-BYOS

openssh-7.2p2-78.13.1

Image SLES12-SP5-OCI-BYOS-SAP-BYOS

openssh-7.2p2-78.13.1

SUSE Linux Enterprise Server 12 SP4-LTSS

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

SUSE Linux Enterprise Server 12 SP5

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

SUSE Linux Enterprise Server for SAP Applications 12 SP4

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

SUSE Linux Enterprise Server for SAP Applications 12 SP5

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

SUSE OpenStack Cloud 9

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

SUSE OpenStack Cloud Crowbar 9

openssh-7.2p2-78.13.1

openssh-askpass-gnome-7.2p2-78.13.1

openssh-fips-7.2p2-78.13.1

openssh-helpers-7.2p2-78.13.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213875-1/
Link for SUSE-SU-2021:3875-1
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009814.html
E-Mail link for SUSE-SU-2021:3875-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190975
SUSE Bug 1190975
https://www.suse.com/security/cve/CVE-2021-41617/
SUSE CVE CVE-2021-41617 page

Описание

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Затронутые продукты

Image SLES12-SP4-Azure-BYOS:openssh-7.2p2-78.13.1

Image SLES12-SP4-EC2-HVM-BYOS:openssh-7.2p2-78.13.1

Image SLES12-SP4-GCE-BYOS:openssh-7.2p2-78.13.1

Image SLES12-SP4-SAP-Azure-BYOS:openssh-7.2p2-78.13.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-41617.html
CVE-2021-41617
https://bugzilla.suse.com/1190975
SUSE Bug 1190975
https://bugzilla.suse.com/1193497
SUSE Bug 1193497
https://bugzilla.suse.com/1196721
SUSE Bug 1196721
https://bugzilla.suse.com/1200782
SUSE Bug 1200782
https://bugzilla.suse.com/1205056
SUSE Bug 1205056
https://bugzilla.suse.com/1212247
SUSE Bug 1212247
https://bugzilla.suse.com/1212281
SUSE Bug 1212281