openSUSE-SU-2022:10090-1

Опубликовано: 16 авг. 2022

Источник: suse-cvrf

Описание

Security update for canna

This update for canna fixes the following issues:

CVE-2022-21950: move UNIX socket dir from /tmp to /run to avoid local attackers being able to place bogus directories in its stead. Use systemd-tmpfiles for cleaning old sockets (boo#1199280).

Список пакетов

SUSE Package Hub 15 SP3

canna-3.7p3-bp153.2.3.1

canna-devel-3.7p3-bp153.2.3.1

canna-libs-3.7p3-bp153.2.3.1

canna-libs-32bit-3.7p3-bp153.2.3.1

canna-libs-64bit-3.7p3-bp153.2.3.1

openSUSE Leap 15.3

canna-3.7p3-bp153.2.3.1

canna-devel-3.7p3-bp153.2.3.1

canna-libs-3.7p3-bp153.2.3.1

canna-libs-32bit-3.7p3-bp153.2.3.1

canna-libs-64bit-3.7p3-bp153.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NMED26UTKOFQLW2ZTPZMKHK6XEJRXGHC/
E-Mail link for openSUSE-SU-2022:10090-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1199280
SUSE Bug 1199280
https://www.suse.com/security/cve/CVE-2022-21950/
SUSE CVE CVE-2022-21950 page

Описание

A Improper Access Control vulnerability in the systemd service of cana in openSUSE Backports SLE-15-SP3, openSUSE Backports SLE-15-SP4 allows local users to hijack the UNIX domain socket This issue affects: openSUSE Backports SLE-15-SP3 canna versions prior to canna-3.7p3-bp153.2.3.1. openSUSE Backports SLE-15-SP4 canna versions prior to 3.7p3-bp154.3.3.1. openSUSE Factory was also affected. Instead of fixing the package it was deleted there.

Затронутые продукты

SUSE Package Hub 15 SP3:canna-3.7p3-bp153.2.3.1

SUSE Package Hub 15 SP3:canna-devel-3.7p3-bp153.2.3.1

SUSE Package Hub 15 SP3:canna-libs-3.7p3-bp153.2.3.1

SUSE Package Hub 15 SP3:canna-libs-32bit-3.7p3-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-21950.html
CVE-2022-21950
https://bugzilla.suse.com/1199280
SUSE Bug 1199280

openSUSE-SU-2022:10090-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-21950

Описание

Затронутые продукты

Ссылки