Описание
Security update for dmidecode
This update for dmidecode fixes the following issues:
- CVE-2023-30630: Fixed potential privilege escalation vulnerability via file overwrite (bsc#1210418).
Список пакетов
Container suse/sle-micro-rancher/5.2:latest
dmidecode-3.2-150100.9.16.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-HPC-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-Azure-LI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-SAP-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-CHOST-BYOS-Aliyun
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-CHOST-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-CHOST-BYOS-EC2
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-CHOST-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-CHOST-BYOS-SAP-CCloud
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-HPC-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-HPC-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-1-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-1-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-1-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-2-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-2-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-Micro-5-2-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAP-Azure-LI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAP-BYOS-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAP-BYOS-GCE
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAPCAL-Azure
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAPCAL-EC2-HVM
dmidecode-3.2-150100.9.16.1
Image SLES15-SP3-SAPCAL-GCE
dmidecode-3.2-150100.9.16.1
SUSE Enterprise Storage 7
dmidecode-3.2-150100.9.16.1
SUSE Enterprise Storage 7.1
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Micro 5.1
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Micro 5.2
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Real Time 15 SP3
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP1-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP2-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server 15 SP3-LTSS
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP1
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
dmidecode-3.2-150100.9.16.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
dmidecode-3.2-150100.9.16.1
SUSE Manager Proxy 4.2
dmidecode-3.2-150100.9.16.1
SUSE Manager Server 4.2
dmidecode-3.2-150100.9.16.1
Ссылки
- Link for SUSE-SU-2023:2215-1
- E-Mail link for SUSE-SU-2023:2215-1
- SUSE Security Ratings
- SUSE Bug 1210418
- SUSE CVE CVE-2023-30630 page
Описание
Dmidecode before 3.5 allows -dump-bin to overwrite a local file. This has security relevance because, for example, execution of Dmidecode via Sudo is plausible. NOTE: Some third parties have indicated the fix in 3.5 does not adequately address the vulnerability. The argument is that the proposed patch prevents dmidecode from writing to an existing file. However, there are multiple attack vectors that would not require overwriting an existing file that would provide the same level of unauthorized privilege escalation (e.g. creating a new file in /etc/cron.hourly).
Затронутые продукты
Container suse/sle-micro-rancher/5.2:latest:dmidecode-3.2-150100.9.16.1
Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:dmidecode-3.2-150100.9.16.1
Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:dmidecode-3.2-150100.9.16.1
Image SLES15-SP2-BYOS-Azure:dmidecode-3.2-150100.9.16.1
Ссылки
- CVE-2023-30630
- SUSE Bug 1210418