Описание
Security update for trousers
This update for trousers fixes the following issues:
- CVE-2020-24330: Fixed a potential tss user to root privilege escalation issue (bsc#1164472).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
libtspi1-0.3.14-150000.3.3.1
trousers-0.3.14-150000.3.3.1
trousers-devel-0.3.14-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
libtspi1-0.3.14-150000.3.3.1
trousers-0.3.14-150000.3.3.1
trousers-devel-0.3.14-150000.3.3.1
SUSE Linux Enterprise Server 15-LTSS
libtspi1-0.3.14-150000.3.3.1
trousers-0.3.14-150000.3.3.1
trousers-devel-0.3.14-150000.3.3.1
SUSE Linux Enterprise Server for SAP Applications 15
libtspi1-0.3.14-150000.3.3.1
trousers-0.3.14-150000.3.3.1
trousers-devel-0.3.14-150000.3.3.1
Ссылки
- Link for SUSE-SU-2022:2798-1
- E-Mail link for SUSE-SU-2022:2798-1
- SUSE Security Ratings
- SUSE Bug 1164472
- SUSE CVE CVE-2020-24330 page
Описание
An issue was discovered in TrouSerS through 0.3.14. If the tcsd daemon is started with root privileges instead of by the tss user, it fails to drop the root gid privilege when no longer needed.
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:libtspi1-0.3.14-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:trousers-0.3.14-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:trousers-devel-0.3.14-150000.3.3.1
SUSE Linux Enterprise High Performance Computing 15-LTSS:libtspi1-0.3.14-150000.3.3.1
Ссылки
- CVE-2020-24330
- SUSE Bug 1164472