Security update for hostinfo, supportutils SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2019:1351-1 Final 1 1 2019-05-08T15:03:41Z current 2019-05-08T15:03:41Z 2019-05-08T15:03:41Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for hostinfo, supportutils This update for hostinfo, supportutils fixes the following issues: Security issues fixed for supportutils: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes (bsc#1118463). - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files (bsc#1118460). - CVE-2018-19639: Fixed a code execution if run with -v (bsc#1118462). - CVE-2018-19637: Fixed an issue where static temporary filename could allow overwriting of files (bsc#1117776). - CVE-2018-19636: Fixed a local root exploit via inclusion of attacker controlled shell script (bsc#1117751). Other issues fixed for supportutils: - Fixed invalid exit code commands (bsc#1125666) - SUSE separation in supportconfig (bsc#1125623) - Clarified supportconfig(8) -x option (bsc#1115245) - supportconfig: 3.0.127 - btrfs filesystem usage - List products.d - Dump lsof errors - Added ha commands for corosync - Dumped find errors in ib_info Issues fixed in hostinfo: - Removed extra kernel install dates (bsc#1099498) - Resolved network bond issue (bsc#1054979) This update was imported from the SUSE:SLE-12:Update update project. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html E-Mail link for openSUSE-SU-2019:1351-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.3 hostinfo-1.0.1-21.3.1 hostinfo-1.0.1-21.3.1 as a component of openSUSE Leap 42.3 Supportutils, before version 3.1-5.7.1, when run with command line argument -A searched the file system for a ndspath binary. If an attacker provides one at an arbitrary location it is executed with root privileges CVE-2018-19636 openSUSE Leap 42.3:hostinfo-1.0.1-21.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html https://www.suse.com/security/cve/CVE-2018-19636.html CVE-2018-19636 https://bugzilla.suse.com/1063385 SUSE Bug 1063385 https://bugzilla.suse.com/1117751 SUSE Bug 1117751 Supportutils, before version 3.1-5.7.1, wrote data to static file /tmp/supp_log, allowing local attackers to overwrite files on systems without symlink protection CVE-2018-19637 openSUSE Leap 42.3:hostinfo-1.0.1-21.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html https://www.suse.com/security/cve/CVE-2018-19637.html CVE-2018-19637 https://bugzilla.suse.com/1063385 SUSE Bug 1063385 https://bugzilla.suse.com/1117776 SUSE Bug 1117776 In supportutils, before version 3.1-5.7.1 and if pacemaker is installed on the system, an unprivileged user could have overwritten arbitrary files in the directory that is used by supportutils to collect the log files. CVE-2018-19638 openSUSE Leap 42.3:hostinfo-1.0.1-21.3.1 low Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html https://www.suse.com/security/cve/CVE-2018-19638.html CVE-2018-19638 https://bugzilla.suse.com/1063385 SUSE Bug 1063385 https://bugzilla.suse.com/1118460 SUSE Bug 1118460 https://bugzilla.suse.com/1118462 SUSE Bug 1118462 https://bugzilla.suse.com/1118463 SUSE Bug 1118463 If supportutils before version 3.1-5.7.1 is run with -v to perform rpm verification and the attacker manages to manipulate the rpm listing (e.g. with CVE-2018-19638) he can execute arbitrary commands as root. CVE-2018-19639 openSUSE Leap 42.3:hostinfo-1.0.1-21.3.1 important Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html https://www.suse.com/security/cve/CVE-2018-19639.html CVE-2018-19639 https://bugzilla.suse.com/1063385 SUSE Bug 1063385 https://bugzilla.suse.com/1118460 SUSE Bug 1118460 https://bugzilla.suse.com/1118462 SUSE Bug 1118462 If the attacker manages to create files in the directory used to collect log files in supportutils before version 3.1-5.7.1 (e.g. with CVE-2018-19638) he can kill arbitrary processes on the local machine. CVE-2018-19640 openSUSE Leap 42.3:hostinfo-1.0.1-21.3.1 moderate Please Install the update. https://lists.opensuse.org/opensuse-security-announce/2019-05/msg00018.html https://www.suse.com/security/cve/CVE-2018-19640.html CVE-2018-19640 https://bugzilla.suse.com/1063385 SUSE Bug 1063385 https://bugzilla.suse.com/1118463 SUSE Bug 1118463