Описание
Security update for google-osconfig-agent
This update for google-osconfig-agent fixes the following issues:
- CVE-2024-45339: github.com/golang/glog: a privileged process' log file path can be easily predicted and used to overwrite other sensitive files in a system. (bsc#1236560)
Список пакетов
Image SLES15-SP4-BYOS
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-Hardened-BYOS
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-Hardened-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP5-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP5-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP5-Hardened-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-BYOS
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-CHOST-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-Hardened-BYOS
google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP6-Hardened-BYOS-GCE
google-osconfig-agent-20250115.01-150000.1.44.1
SUSE Linux Enterprise Micro 5.5
google-osconfig-agent-20250115.01-150000.1.44.1
SUSE Linux Enterprise Module for Public Cloud 15 SP3
google-osconfig-agent-20250115.01-150000.1.44.1
SUSE Linux Enterprise Module for Public Cloud 15 SP4
google-osconfig-agent-20250115.01-150000.1.44.1
SUSE Linux Enterprise Module for Public Cloud 15 SP5
google-osconfig-agent-20250115.01-150000.1.44.1
SUSE Linux Enterprise Module for Public Cloud 15 SP6
google-osconfig-agent-20250115.01-150000.1.44.1
openSUSE Leap 15.6
google-osconfig-agent-20250115.01-150000.1.44.1
Ссылки
- Link for SUSE-SU-2025:0611-1
- E-Mail link for SUSE-SU-2025:0611-1
- SUSE Security Ratings
- SUSE Bug 1236560
- SUSE CVE CVE-2024-45339 page
Описание
When logs are written to a widely-writable directory (the default), an unprivileged attacker may predict a privileged process's log file path and pre-create a symbolic link to a sensitive file in its place. When that privileged process runs, it will follow the planted symlink and overwrite that sensitive file. To fix that, glog now causes the program to exit (with status code 2) when it finds that the configured log file already exists.
Затронутые продукты
Image SLES15-SP4-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-Hardened-BYOS-GCE:google-osconfig-agent-20250115.01-150000.1.44.1
Image SLES15-SP4-Hardened-BYOS:google-osconfig-agent-20250115.01-150000.1.44.1
Ссылки
- CVE-2024-45339
- SUSE Bug 1236541