SUSE-SU-2024:0292-1

Опубликовано: 31 янв. 2024

Источник: suse-cvrf

Описание

Security update for rear1172a

This update for rear1172a fixes the following issues:

CVE-2024-23301: Corrected world-readable permissions for initrd, which could be an issue if it contains sensitive information (bsc#1218728).

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP5

rear1172a-1.17.2.a-5.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20240292-1/
Link for SUSE-SU-2024:0292-1
https://lists.suse.com/pipermail/sle-security-updates/2024-January/017831.html
E-Mail link for SUSE-SU-2024:0292-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1218728
SUSE Bug 1218728
https://www.suse.com/security/cve/CVE-2024-23301/
SUSE CVE CVE-2024-23301 page

Описание

Relax-and-Recover (aka ReaR) through 2.7 creates a world-readable initrd when using GRUB_RESCUE=y. This allows local attackers to gain access to system secrets otherwise only readable by root.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 12 SP5:rear1172a-1.17.2.a-5.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-23301.html
CVE-2024-23301
https://bugzilla.suse.com/1218728
SUSE Bug 1218728

SUSE-SU-2024:0292-1

Описание

Список пакетов

SUSE Linux Enterprise High Availability Extension 12 SP5

Ссылки

Уязвимость: CVE-2024-23301

Описание

Затронутые продукты

Ссылки