Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2019:3180-1 Moderate: Permissions Privilege Escalation Fix

suse
Calendar Grey December 5, 2019
Dist Suse Esm H88
The recent update pertaining to access rights resolves two challenges of moderate urgency. Fortify your system by applying the newest fix.
An update that solves two vulnerabilities and has one errata is now available

Summary

This update for permissions fixes the following issues: - CVE-2019-3688: Changed wrong ownership in /usr/sbin/pinger to root:squid which could have allowed a squid user to gain persistence by changing the binary (bsc#1093414). - CVE-2019-3690: Fixed a privilege escalation through untrusted symbolic links (bsc#1150734). - Fixed a regression which caused segmentation fault (bsc#1157198). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2019-3180=1 - SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2019-3180=1 - SUSE OpenStack Cloud 7:

Topics%20covered

Topics Covered

security advisory moderate update privilege escalation permissions SUSE

References

#1093414 #1150734 #1157198

Cross- CVE-2019-3688 CVE-2019-3690

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

SUSE CaaS Platform 3.0

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-3688.html

https://www.suse.com/security/cve/CVE-2019-3690.html

https://bugzilla.suse.com/1093414

https://bugzilla.suse.com/1150734

https://bugzilla.suse.com/1157198

Announcement ID: SUSE-SU-2019:3180-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate update privilege escalation permissions SUSE

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here