exploitDog

SUSE-SU-2021:3947-1

Опубликовано: 06 дек. 2021

Источник: suse-cvrf

Описание

Security update for openssh

This update for openssh fixes the following issues:

CVE-2021-41617: Fixed privilege escalation when AuthorizedKeysCommand/AuthorizedPrincipalsCommand are configured (bsc#1190975).

Список пакетов

Image SLES15-SP1-Azure-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-Azure-HPC-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-CHOST-BYOS-Azure

openssh-7.9p1-6.28.1

Image SLES15-SP1-CHOST-BYOS-EC2

openssh-7.9p1-6.28.1

Image SLES15-SP1-CHOST-BYOS-GCE

openssh-7.9p1-6.28.1

Image SLES15-SP1-EC2-HPC-HVM-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-EC2-HVM-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-GCE-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-Azure

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-Azure-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-EC2-HVM

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-EC2-HVM-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-GCE

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAP-GCE-BYOS

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAPCAL-Azure

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAPCAL-EC2-HVM

openssh-7.9p1-6.28.1

Image SLES15-SP1-SAPCAL-GCE

openssh-7.9p1-6.28.1

SUSE Enterprise Storage 6

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

SUSE Linux Enterprise Server 15 SP1-BCL

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

SUSE Linux Enterprise Server 15 SP1-LTSS

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

openssh-7.9p1-6.28.1

openssh-askpass-gnome-7.9p1-6.28.1

openssh-fips-7.9p1-6.28.1

openssh-helpers-7.9p1-6.28.1

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213947-1/
Link for SUSE-SU-2021:3947-1
https://lists.suse.com/pipermail/sle-security-updates/2021-December/009854.html
E-Mail link for SUSE-SU-2021:3947-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1190975
SUSE Bug 1190975
https://www.suse.com/security/cve/CVE-2021-41617/
SUSE CVE CVE-2021-41617 page

Описание

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Затронутые продукты

Image SLES15-SP1-Azure-BYOS:openssh-7.9p1-6.28.1

Image SLES15-SP1-Azure-HPC-BYOS:openssh-7.9p1-6.28.1

Image SLES15-SP1-CHOST-BYOS-Azure:openssh-7.9p1-6.28.1

Image SLES15-SP1-CHOST-BYOS-EC2:openssh-7.9p1-6.28.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-41617.html
CVE-2021-41617
https://bugzilla.suse.com/1190975
SUSE Bug 1190975
https://bugzilla.suse.com/1193497
SUSE Bug 1193497
https://bugzilla.suse.com/1196721
SUSE Bug 1196721
https://bugzilla.suse.com/1200782
SUSE Bug 1200782
https://bugzilla.suse.com/1205056
SUSE Bug 1205056
https://bugzilla.suse.com/1212247
SUSE Bug 1212247
https://bugzilla.suse.com/1212281
SUSE Bug 1212281