Recommended update for permissions

SUSE Recommended Update: Recommended update for permissions
Announcement ID: SUSE-RU-2020:0603-1
Rating: moderate
References: #1123886 #1160594 #1160764 #1161779 #1163922
Affected Products:
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4
  • SUSE Linux Enterprise Desktop 12-SP4

An update that solves one vulnerability and has four fixes is now available.

Description:

This update for permissions fixes the following issues:

  • CVE-2020-8013: Fixed an improper check which could have allowed the setting of unintented setuid bits (bsc#1163922).
  • Fixed handling of relative directory symlinks in chkstat.
  • Whitelisted postgres sticky directories (bsc#1123886).
  • Fixed regression where chkstat broke when /proc was not available (bsc#1160764, bsc#1160594)
  • Fixed capability handling when doing multiple permission changes at once (bsc#1161779)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP5:
    zypper in -t patch SUSE-SLE-SERVER-12-SP5-2020-603=1
  • SUSE Linux Enterprise Server 12-SP4:
    zypper in -t patch SUSE-SLE-SERVER-12-SP4-2020-603=1
  • SUSE Linux Enterprise Desktop 12-SP4:
    zypper in -t patch SUSE-SLE-DESKTOP-12-SP4-2020-603=1

Package List:

  • SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
    • permissions-20170707-3.21.1
    • permissions-debuginfo-20170707-3.21.1
    • permissions-debugsource-20170707-3.21.1
  • SUSE Linux Enterprise Server 12-SP4 (aarch64 ppc64le s390x x86_64):
    • permissions-20170707-3.21.1
    • permissions-debuginfo-20170707-3.21.1
    • permissions-debugsource-20170707-3.21.1
  • SUSE Linux Enterprise Desktop 12-SP4 (x86_64):
    • permissions-20170707-3.21.1
    • permissions-debuginfo-20170707-3.21.1
    • permissions-debugsource-20170707-3.21.1

References: