Описание
Security update for cni
This update for cni fixes the following issues:
- CVE-2021-20206: Fixed arbitrary path injection via type field in CNI configuration (bsc#1181961).
Список пакетов
Container caasp/v4/cilium:1.6.6
cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal-iso/5.4:latest
cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal-rt/5.4:latest
cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal/5.4:latest
cni-0.7.1-150100.3.8.1
SUSE Enterprise Storage 6
cni-0.7.1-150100.3.8.1
SUSE Enterprise Storage 7
cni-0.7.1-150100.3.8.1
SUSE Enterprise Storage 7.1
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Micro 5.1
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Micro 5.2
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Micro 5.3
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Module for Containers 15 SP3
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Module for Containers 15 SP4
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Module for Public Cloud 15 SP1
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server 15 SP1-BCL
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server 15 SP1-LTSS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server 15 SP2-BCL
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server 15 SP2-LTSS
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
cni-0.7.1-150100.3.8.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
cni-0.7.1-150100.3.8.1
SUSE Manager Proxy 4.1
cni-0.7.1-150100.3.8.1
SUSE Manager Retail Branch Server 4.1
cni-0.7.1-150100.3.8.1
SUSE Manager Server 4.1
cni-0.7.1-150100.3.8.1
openSUSE Leap 15.3
cni-0.7.1-150100.3.8.1
openSUSE Leap 15.4
cni-0.7.1-150100.3.8.1
openSUSE Leap Micro 5.2
cni-0.7.1-150100.3.8.1
openSUSE Leap Micro 5.3
cni-0.7.1-150100.3.8.1
Ссылки
- Link for SUSE-SU-2022:4592-1
- E-Mail link for SUSE-SU-2022:4592-1
- SUSE Security Ratings
- SUSE Bug 1181961
- SUSE CVE CVE-2021-20206 page
Описание
An improper limitation of path name flaw was found in containernetworking/cni in versions before 0.8.1. When specifying the plugin to load in the 'type' field in the network configuration, it is possible to use special elements such as "../" separators to reference binaries elsewhere on the system. This flaw allows an attacker to execute other existing binaries other than the cni plugins/types, such as 'reboot'. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.
Затронутые продукты
Container caasp/v4/cilium:1.6.6:cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal-iso/5.4:latest:cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal-rt/5.4:latest:cni-0.7.1-150100.3.8.1
Container rancher/elemental-teal/5.4:latest:cni-0.7.1-150100.3.8.1
Ссылки
- CVE-2021-20206
- SUSE Bug 1181961