
SUSE-SU-2024:0239-1

Published: 26 Jan 2024
Source: suse-cvrf

Description

Security update for rear23a

This update for rear23a fixes the following issues:

  • CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information (bsc#1218728).

Package list

SUSE Linux Enterprise High Availability Extension 15 SP1
rear23a-2.3.a-150000.9.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2
rear23a-2.3.a-150000.9.9.1

Description

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.


Affected products
SUSE Linux Enterprise High Availability Extension 15 SP1:rear23a-2.3.a-150000.9.9.1
SUSE Linux Enterprise High Availability Extension 15 SP2:rear23a-2.3.a-150000.9.9.1
