Описание
Security update for systemd
This update for systemd fixes the following issues:
- CVE-2023-26604: Fixed a privilege escalation via the less pager. (bsc#1208958)
Список пакетов
Container suse/ltss/sle12.5/sles12sp5:latest
libsystemd0-228-157.52.1
libudev1-228-157.52.1
Container suse/sles12sp5:latest
libsystemd0-228-157.52.1
libudev1-228-157.52.1
Image SLES12-SP5-Azure-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-Basic-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-HPC-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-HPC-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-SAP-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-SAP-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-Azure-Standard-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-EC2-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-EC2-ECS-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-EC2-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-EC2-SAP-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-EC2-SAP-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-GCE-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-GCE-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-GCE-SAP-BYOS
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-GCE-SAP-On-Demand
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
libsystemd0-228-157.52.1
libudev1-228-157.52.1
systemd-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
SUSE Linux Enterprise Server 12 SP5
libsystemd0-228-157.52.1
libsystemd0-32bit-228-157.52.1
libudev-devel-228-157.52.1
libudev1-228-157.52.1
libudev1-32bit-228-157.52.1
systemd-228-157.52.1
systemd-32bit-228-157.52.1
systemd-bash-completion-228-157.52.1
systemd-devel-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
libsystemd0-228-157.52.1
libsystemd0-32bit-228-157.52.1
libudev-devel-228-157.52.1
libudev1-228-157.52.1
libudev1-32bit-228-157.52.1
systemd-228-157.52.1
systemd-32bit-228-157.52.1
systemd-bash-completion-228-157.52.1
systemd-devel-228-157.52.1
systemd-sysvinit-228-157.52.1
udev-228-157.52.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libudev-devel-228-157.52.1
systemd-devel-228-157.52.1
Ссылки
- Link for SUSE-SU-2023:1622-1
- E-Mail link for SUSE-SU-2023:1622-1
- SUSE Security Ratings
- SUSE Bug 1206985
- SUSE Bug 1208958
- SUSE CVE CVE-2023-26604 page
Описание
systemd before 247 does not adequately block local privilege escalation for some Sudo configurations, e.g., plausible sudoers files in which the "systemctl status" command may be executed. Specifically, systemd does not set LESSSECURE to 1, and thus other programs may be launched from the less program. This presents a substantial security risk when running systemctl from Sudo, because less executes as root when the terminal size is too small to show the complete systemctl output.
Затронутые продукты
Container suse/ltss/sle12.5/sles12sp5:latest:libsystemd0-228-157.52.1
Container suse/ltss/sle12.5/sles12sp5:latest:libudev1-228-157.52.1
Container suse/sles12sp5:latest:libsystemd0-228-157.52.1
Container suse/sles12sp5:latest:libudev1-228-157.52.1
Ссылки
- CVE-2023-26604
- SUSE Bug 1208958
- SUSE Bug 1210451