Description
Security update for dmidecode
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
Package list
Image SLES12-SP5-Azure-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-Basic-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-HPC-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-HPC-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-SAP-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-SAP-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-Standard-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-EC2-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-EC2-ECS-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-EC2-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-EC2-SAP-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-EC2-SAP-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-GCE-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-GCE-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-GCE-SAP-BYOS
dmidecode-3.0-10.6.1
Image SLES12-SP5-GCE-SAP-On-Demand
dmidecode-3.0-10.6.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
dmidecode-3.0-10.6.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP2-BCL
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP4-ESPOS
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP4-LTSS
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server 12 SP5
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
dmidecode-3.0-10.6.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
dmidecode-3.0-10.6.1
SUSE OpenStack Cloud 9
dmidecode-3.0-10.6.1
SUSE OpenStack Cloud Crowbar 9
dmidecode-3.0-10.6.1
References
- Link for SUSE-SU-2023:2044-1
- E-Mail link for SUSE-SU-2023:2044-1
- SUSE Security Ratings
- SUSE Bug 1210418
- SUSE CVE CVE-2023-30630 page
Description
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
Affected products
Image SLES12-SP5-Azure-BYOS:dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-Basic-On-Demand:dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-HPC-BYOS:dmidecode-3.0-10.6.1
Image SLES12-SP5-Azure-HPC-On-Demand:dmidecode-3.0-10.6.1
References
- CVE-2023-30630
- SUSE Bug 1210418