Description
Security update for sccache
This update for sccache fixes the following issues:
- CVE-2023-1521: Fixed possible code injection via LD_PRELOAD to sccache server (bsc#1212407).
- CVE-2022-31394: Fixed a denial-of-service vulnerability via header list size (bsc#1208553).
Package list
SUSE Enterprise Storage 7.1
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Module for Development Tools 15 SP5
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Real Time 15 SP3
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Server 15 SP3-LTSS
sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
sccache-0.4.1~18-150300.7.12.1
References
- Link for SUSE-SU-2023:2637-1
- E-Mail link for SUSE-SU-2023:2637-1
- SUSE Security Ratings
- SUSE Bug 1208553
- SUSE Bug 1212407
- SUSE CVE CVE-2022-31394 page
- SUSE CVE CVE-2023-1521 page
Description
Hyperium Hyper before 0.14.19 does not allow for customization of the max_header_list_size method in the H2 third-party software, allowing attackers to perform HTTP2 attacks.
Affected products
SUSE Enterprise Storage 7.1:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.1~18-150300.7.12.1
References
- CVE-2022-31394
- SUSE Bug 1208551
Description
On Linux the sccache client can execute arbitrary code with the privileges of a local sccache server, by preloading the code in a shared library passed to LD_PRELOAD. If the server is run as root (which is the default when installing the snap package https://snapcraft.io/sccache), this means a user running the sccache client can get root privileges.
Affected products
SUSE Enterprise Storage 7.1:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:sccache-0.4.1~18-150300.7.12.1
SUSE Linux Enterprise Module for Development Tools 15 SP5:sccache-0.4.1~18-150300.7.12.1
References
- CVE-2023-1521
- SUSE Bug 1212407