openSUSE-SU-2021:0945-1

Опубликовано: 01 июл. 2021

Источник: suse-cvrf

Описание

Security update for arpwatch

This update for arpwatch fixes the following issues:

CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.2

arpwatch-2.1a15-lp152.6.9.1

arpwatch-ethercodes-build-2.1a15-lp152.6.9.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/Y7SKTH3533HITV3EN436RULMJP2HHQND/
E-Mail link for openSUSE-SU-2021:0945-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1186240
SUSE Bug 1186240
https://www.suse.com/security/cve/CVE-2021-25321/
SUSE CVE CVE-2021-25321 page

Описание

A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions.

Затронутые продукты

openSUSE Leap 15.2:arpwatch-2.1a15-lp152.6.9.1

openSUSE Leap 15.2:arpwatch-ethercodes-build-2.1a15-lp152.6.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-25321.html
CVE-2021-25321
https://bugzilla.suse.com/1186240
SUSE Bug 1186240

openSUSE-SU-2021:0945-1

Описание

Список пакетов

openSUSE Leap 15.2

Ссылки

Уязвимость: CVE-2021-25321

Описание

Затронутые продукты

Ссылки