Описание
Security update for rear23a
This update for rear23a fixes the following issues:
- CVE-2024-23301: Fixed ReaR creates world-readable initrd with GRUB_RESCUE=Y. (bsc#1218728)
Список пакетов
SUSE Linux Enterprise High Availability Extension 15 SP3
rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP4
rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP5
rear23a-2.3.a-150300.21.3.1
openSUSE Leap 15.5
rear23a-2.3.a-150300.21.3.1
Ссылки
- Link for SUSE-SU-2024:0247-1
- E-Mail link for SUSE-SU-2024:0247-1
- SUSE Security Ratings
- SUSE Bug 1218728
- SUSE CVE CVE-2024-23301 page
Описание
Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.
Затронутые продукты
SUSE Linux Enterprise High Availability Extension 15 SP3:rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP4:rear23a-2.3.a-150300.21.3.1
SUSE Linux Enterprise High Availability Extension 15 SP5:rear23a-2.3.a-150300.21.3.1
openSUSE Leap 15.5:rear23a-2.3.a-150300.21.3.1
Ссылки
- CVE-2024-23301
- SUSE Bug 1218728