SUSE-SU-2024:1629-1

Published: 14 May 2024
Source: suse-cvrf

Description

Security update for SUSE Manager Client Tools Beta

This update for SUSE Manager Client Tools Beta fixes the following issues:

  • Changed codestream origin of SUSE Manager Client Tools Beta (no source changes)

icinga in SUSE Manager Client Tools Beta also received the following security fixes:

  • CVE-2016-9566: Fixed root privilege escalation (bsc#1014637)
  • CVE-2019-3698: Symbolic Link (Symlink) following vulnerability in the cronjob allows local attackers to cause DoS or potentially escalate privileges by winning a race (bsc#1156309)

Package list

Image SLES12-SP5-Azure-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-Basic-On-Demand
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-Azure-HPC-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-SAP-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-Standard-On-Demand
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-EC2-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-EC2-ECS-On-Demand
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-EC2-On-Demand
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-EC2-SAP-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-GCE-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-GCE-On-Demand
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-GCE-SAP-BYOS
libzmq3-4.0.4-15.8.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
sysuser-shadow-2.0-1.9.1
SUSE Linux Enterprise Module for Advanced Systems Management 12
libzmq3-4.0.4-15.8.1
SUSE Linux Enterprise Module for Containers 12
sysuser-shadow-2.0-1.9.1
SUSE Linux Enterprise Server 12 SP5
sysuser-shadow-2.0-1.9.1
sysuser-tools-2.0-1.9.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
sysuser-shadow-2.0-1.9.1
sysuser-tools-2.0-1.9.1
SUSE Linux Enterprise Software Development Kit 12 SP5
libzmq3-4.0.4-15.8.1
zeromq-devel-4.0.4-15.8.1
SUSE Linux Enterprise Workstation Extension 12 SP5
libzmq3-4.0.4-15.8.1
SUSE Manager Client Tools 12
grafana-ha-cluster-dashboards-1.1.0+git.1605027022.a84d536-1.10.1
grafana-sap-netweaver-dashboards-1.0.3+git.1601889366.9f71957-1.10.1
grafana-sap-providers-1.1-1.7.1
grafana-sleha-provider-1.1.0+git.1605027022.a84d536-1.10.1
hwdata-0.314-10.14.1
icinga-1.13.3-12.8.1
icinga-devel-1.13.3-12.8.1
icinga-doc-1.13.3-12.8.1
icinga-idoutils-1.13.3-12.8.1
icinga-idoutils-mysql-1.13.3-12.8.1
icinga-idoutils-oracle-1.13.3-12.8.1
icinga-idoutils-pgsql-1.13.3-12.8.1
icinga-plugins-downtimes-1.13.3-12.8.1
icinga-plugins-eventhandlers-1.13.3-12.8.1
icinga-www-1.13.3-12.8.1
icinga-www-config-1.13.3-12.8.1
libzmq3-4.0.4-15.8.1
monitoring-tools-1.13.3-12.8.1
sysuser-shadow-2.0-1.9.1
SUSE Manager Client Tools 12-BETA
grafana-ha-cluster-dashboards-1.1.0+git.1605027022.a84d536-1.10.1
grafana-sap-netweaver-dashboards-1.0.3+git.1601889366.9f71957-1.10.1
grafana-sap-providers-1.1-1.7.1
grafana-sleha-provider-1.1.0+git.1605027022.a84d536-1.10.1
icinga-1.13.3-12.8.1
icinga-devel-1.13.3-12.8.1
icinga-doc-1.13.3-12.8.1
icinga-idoutils-1.13.3-12.8.1
icinga-idoutils-mysql-1.13.3-12.8.1
icinga-idoutils-oracle-1.13.3-12.8.1
icinga-idoutils-pgsql-1.13.3-12.8.1
icinga-plugins-downtimes-1.13.3-12.8.1
icinga-plugins-eventhandlers-1.13.3-12.8.1
icinga-www-1.13.3-12.8.1
icinga-www-config-1.13.3-12.8.1
libzmq3-4.0.4-15.8.1
monitoring-tools-1.13.3-12.8.1
sysuser-shadow-2.0-1.9.1

Description

base/logging.c in Nagios Core before 4.2.4 allows local users with access to an account in the nagios group to gain root privileges via a symlink attack on the log file. NOTE: this can be leveraged by remote attackers using CVE-2016-9565.


Affected products
Image SLES12-SP5-Azure-BYOS:libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-Basic-On-Demand:sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-Azure-HPC-BYOS:libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-SAP-BYOS:libzmq3-4.0.4-15.8.1


Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.


Affected products
Image SLES12-SP5-Azure-BYOS:libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-Basic-On-Demand:sysuser-shadow-2.0-1.9.1
Image SLES12-SP5-Azure-HPC-BYOS:libzmq3-4.0.4-15.8.1
Image SLES12-SP5-Azure-SAP-BYOS:libzmq3-4.0.4-15.8.1
