SUSE-SU-2022:4150-1

Опубликовано: 21 нояб. 2022

Источник: suse-cvrf

Описание

Security update for cni

This update for cni fixes the following issues:

CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15

cni-0.7.1-150000.1.7.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224150-1/
Link for SUSE-SU-2022:4150-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013052.html
E-Mail link for SUSE-SU-2022:4150-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1181961
SUSE Bug 1181961
https://www.suse.com/security/cve/CVE-2021-20206/
SUSE CVE CVE-2021-20206 page

Описание

An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 15:cni-0.7.1-150000.1.7.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-20206.html
CVE-2021-20206
https://bugzilla.suse.com/1181961
SUSE Bug 1181961

SUSE-SU-2022:4150-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15

Ссылки

Уязвимость: CVE-2021-20206

Описание

Затронутые продукты

Ссылки