openSUSE-SU-2021:0055-1

Опубликовано: 13 янв. 2021

Источник: suse-cvrf

Описание

Security update for crmsh

This update for crmsh fixes the following issue:

CVE-2020-35459: Fixed a privilege escalation in hawk_invoke (bsc#1179999).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Список пакетов

openSUSE Leap 15.2

crmsh-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

crmsh-scripts-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

crmsh-test-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/RKSUG2OZN3Y2FQVQ55HP5MZIQZXZ5OD6/
E-Mail link for openSUSE-SU-2021:0055-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1179999
SUSE Bug 1179999
https://www.suse.com/security/cve/CVE-2020-35459/
SUSE CVE CVE-2020-35459 page

Описание

An issue was discovered in ClusterLabs crmsh through 4.2.1. Local attackers able to call "crm history" (when "crm" is run) were able to execute commands via shell code injection to the crm history commandline, potentially allowing escalation of privileges.

Затронутые продукты

openSUSE Leap 15.2:crmsh-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

openSUSE Leap 15.2:crmsh-scripts-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

openSUSE Leap 15.2:crmsh-test-4.2.0+git.1607075079.a25648d8-lp152.4.39.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-35459.html
CVE-2020-35459
https://bugzilla.suse.com/1179999
SUSE Bug 1179999

openSUSE-SU-2021:0055-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2020-35459

Описание

Затронутые продукты

Ссылки