
SUSE 15-SP3: 2022:0727-1 Moderate: LibEconf And Shadow Unauthorized Unmount

March 4, 2022
This SUSE patch resolves a pair of security flaws found in libeconf, shadow, and util-linux, classified as moderate in severity, along with some improvements.
An update that solves two vulnerabilities, contains two features and has two fixes is now available.

Summary

This security update for libeconf, shadow and util-linux fixes the following issues:

libeconf:

- Add libeconf to SLE-Module-Basesystem_15-SP3 because it is needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)

Issues fixed in libeconf:

- Reading numbers with different bases (e.g. octal) (bsc#1193632) (#157)
- Fixed different issues while writing string values to file.
- Writing comments to file too.
- Fixed crash while merging values.
- Added econftool cat option (#146)
- new API call: econf_readDirsHistory (showing ALL locations)
- new API call: econf_getPath (absolute path of the configuration file)
- Man pages libeconf.3 and econftool.8.
- Handling multiline strings.

References

#1188507 #1192954 #1193632 #1194976 SLE-23384 SLE-23402

Cross-References: CVE-2021-3995 CVE-2021-3996

CVSS scores:

CVE-2021-3995 (SUSE): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3996 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Desktop 15-SP3

SUSE Linux Enterprise High Performance Computing 15-SP3

SUSE Linux Enterprise Micro 5.1

SUSE Linux Enterprise Module for Basesystem 15-SP3

SUSE Linux Enterprise Module for Server Applications 15-SP3

SUSE Linux Enterprise Module for Transactional Server 15-SP3

SUSE Linux Enterprise Server 15-SP3

SUSE Linux Enterprise Server for SAP Applications 15-SP3

SUSE Manager Proxy 4.2

SUSE Manager Server 4.2

https://www.suse.com/security/cve/CV...


Announcement ID: SUSE-SU-2022:0727-1
Rating: moderate
