Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0484-1

Опубликовано: 23 фев. 2023
Источник: suse-cvrf

Описание

Security update for pesign

This update for pesign fixes the following issues:

  • CVE-2022-3560: Fixed pesign-authorize ExecStartPost script allowing privilege escalation from pesign to root (bsc#1202933).

Список пакетов

Container bci/bci-sle15-kernel-module-devel:15.5
pesign-0.112-150000.4.15.1
Container bci/bci-sle15-kernel-module-devel:15.7
pesign-0.112-150000.4.15.1
Container bci/bci-sle15-kernel-module-devel:latest
pesign-0.112-150000.4.15.1
SUSE Enterprise Storage 7
pesign-0.112-150000.4.15.1
SUSE Enterprise Storage 7.1
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Module for Basesystem 15 SP4
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Real Time 15 SP3
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server 15 SP1-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server 15 SP2-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server 15 SP3-LTSS
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
pesign-0.112-150000.4.15.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
pesign-0.112-150000.4.15.1
SUSE Manager Proxy 4.2
pesign-0.112-150000.4.15.1
SUSE Manager Server 4.2
pesign-0.112-150000.4.15.1
openSUSE Leap 15.4
pesign-0.112-150000.4.15.1

Ссылки

Описание

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

Затронутые продукты
Container bci/bci-sle15-kernel-module-devel:15.5:pesign-0.112-150000.4.15.1
Container bci/bci-sle15-kernel-module-devel:15.7:pesign-0.112-150000.4.15.1
Container bci/bci-sle15-kernel-module-devel:latest:pesign-0.112-150000.4.15.1
SUSE Enterprise Storage 7.1:pesign-0.112-150000.4.15.1
Ссылки