SUSE-SU-2024:2756-1

Published: 05 Aug 2024
Source: suse-cvrf

Description

Security update for ksh

This update for ksh fixes the following issues:

  • CVE-2019-14868: Fixed code injection due to environment variables on startup interpreted as arithmetic expression (bsc#1160796)

Other fixes:

  • do not use posix_spawn as it lacks proper job handling (bsc#1224057)
  • fix segfault in variable substitution (bsc#1129288)

Package list

Image SLES12-SP5-Azure-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-Azure-HPC-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-Azure-HPC-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-Azure-SAP-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-Azure-SAP-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-Azure-Standard-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-EC2-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-EC2-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-EC2-SAP-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-EC2-SAP-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-GCE-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-GCE-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-GCE-SAP-BYOS
ksh-93vu-19.3.2
Image SLES12-SP5-GCE-SAP-On-Demand
ksh-93vu-19.3.2
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
ksh-93vu-19.3.2
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
ksh-93vu-19.3.2
SUSE Linux Enterprise Module for Legacy 12
ksh-93vu-19.3.2
SUSE Linux Enterprise Software Development Kit 12 SP5
ksh-devel-93vu-19.3.2

Description

In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.


Affected products
Image SLES12-SP5-Azure-BYOS:ksh-93vu-19.3.2
Image SLES12-SP5-Azure-HPC-BYOS:ksh-93vu-19.3.2
Image SLES12-SP5-Azure-HPC-On-Demand:ksh-93vu-19.3.2
Image SLES12-SP5-Azure-SAP-BYOS:ksh-93vu-19.3.2

References