SUSE-SU-2022:2448-1

Опубликовано: 20 июл. 2022

Источник: suse-cvrf

Описание

Security update for dovecot23

This update for dovecot23 fixes the following issues:

CVE-2022-30550: Fixed privilege escalation in dovecot when similar master and non-master passdbs are used (bsc#1201267).

Список пакетов

SUSE Enterprise Storage 7

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise Module for Server Applications 15 SP3

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise Module for Server Applications 15 SP4

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise Server 15 SP2-BCL

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise Server 15 SP2-LTSS

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Manager Proxy 4.1

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Manager Retail Branch Server 4.1

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

SUSE Manager Server 4.1

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

openSUSE Leap 15.3

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

openSUSE Leap 15.4

dovecot23-2.3.15-150200.62.1

dovecot23-backend-mysql-2.3.15-150200.62.1

dovecot23-backend-pgsql-2.3.15-150200.62.1

dovecot23-backend-sqlite-2.3.15-150200.62.1

dovecot23-devel-2.3.15-150200.62.1

dovecot23-fts-2.3.15-150200.62.1

dovecot23-fts-lucene-2.3.15-150200.62.1

dovecot23-fts-solr-2.3.15-150200.62.1

dovecot23-fts-squat-2.3.15-150200.62.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20222448-1/
Link for SUSE-SU-2022:2448-1
https://lists.suse.com/pipermail/sle-security-updates/2022-July/011607.html
E-Mail link for SUSE-SU-2022:2448-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1201267
SUSE Bug 1201267
https://www.suse.com/security/cve/CVE-2022-30550/
SUSE CVE CVE-2022-30550 page

Описание

An issue was discovered in the auth component in Dovecot 2.2 and 2.3 before 2.3.20. When two passdb configuration entries exist with the same driver and args settings, incorrect username_filter and mechanism settings can be applied to passdb definitions. These incorrectly applied settings can lead to an unintended security configuration and can permit privilege escalation in certain configurations. The documentation does not advise against the use of passdb definitions that have the same driver and args settings. One such configuration would be where an administrator wishes to use the same PAM configuration or passwd file for both normal and master users but use the username_filter setting to restrict which of the users is able to be a master user.

Затронутые продукты

SUSE Enterprise Storage 7:dovecot23-2.3.15-150200.62.1

SUSE Enterprise Storage 7:dovecot23-backend-mysql-2.3.15-150200.62.1

SUSE Enterprise Storage 7:dovecot23-backend-pgsql-2.3.15-150200.62.1

SUSE Enterprise Storage 7:dovecot23-backend-sqlite-2.3.15-150200.62.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-30550.html
CVE-2022-30550
https://bugzilla.suse.com/1201267
SUSE Bug 1201267

SUSE-SU-2022:2448-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Module for Server Applications 15 SP3

SUSE Linux Enterprise Module for Server Applications 15 SP4

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

openSUSE Leap 15.3

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-30550

Описание

Затронутые продукты

Ссылки