Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 565
Alerts This Week
Warning Icon 1 565

SUSE: 2021:2280-1 Moderate: Update on Permissions and Details

suse
Calendar Grey July 9, 2021
Scroller Suse
SUSE has rolled out a critical security patch that rectifies permission-related vulnerabilities affecting various components. Find comprehensive information about the advisory specifics here.
An update that solves three vulnerabilities and has 11 fixes is now available

Summary

This update for permissions fixes the following issues: - Fork package for 12-SP5 (bsc#1155939) - make btmp root:utmp (bsc#1050467, bsc#1182899) - pcp: remove no longer needed / conflicting entries (bsc#1171883). Fixes a potential security issue. - do not follow symlinks that are the final path element (CVE-2020-8013, bsc#1163922) - fix handling of relative directory symlinks in chkstat - whitelist postgres sticky directories (bsc#1123886) - fix regression where chkstat breaks without /proc available (bsc#1160764, bsc#1160594) - fix capability handling when doing multiple permission changes at once (bsc#1161779, - fix invalid free() when permfiles points to argv (bsc#1157198) - the eror should be reported for permfiles[i], not argv[i], as these are not the same files. (bsc#1047247, bsc#1097665)

References

#1047247 #1050467 #1093414 #1097665 #1123886

#1150734 #1155939 #1157198 #1160594 #1160764

#1161779 #1163922 #1171883 #1182899

Cross- CVE-2019-3688 CVE-2019-3690 CVE-2020-8013

CVSS scores:

CVE-2019-3688 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CVE-2019-3688 (SUSE): 5.1 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

CVE-2019-3690 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2019-3690 (SUSE): 6.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVE-2020-8013 (NVD) : 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

CVE-2020-8013 (SUSE): 6.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

Affected Products:

SUSE Linux Enterprise Server 12-SP5

https://www.suse.com/security/cve/CVE-2019-3688.html

Announcement ID: SUSE-SU-2021:2280-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.