SUSE-SU-2017:0375-1: moderate: Security update for libcap-ng

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Fri Feb 3 04:08:31 MST 2017 

   SUSE Security Update: Security update for libcap-ng
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0375-1
Rating:             moderate
References:         #876832 
Cross-References:   CVE-2014-3215
Affected Products:
                    SUSE Linux Enterprise Software Development Kit 11-SP4
                    SUSE Linux Enterprise Server 11-SP4
                    SUSE Linux Enterprise Debuginfo 11-SP4
______________________________________________________________________________

   An update that fixes one vulnerability is now available.

Description:

   libcap-ng was updated to fix one security issue.

   This security issue was fixed:

   - CVE-2014-3215: seunshare in policycoreutils (which uses libcap-ng) is
     owned by root with 4755 permissions, and executes programs in a way that
     changes the relationship between the setuid system call and the
     getresuid saved set-user-ID value, which made it easier for local users
     to gain privileges by leveraging a program that mistakenly expected that
     it could permanently drop privileges (bsc#876832).


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Software Development Kit 11-SP4:

      zypper in -t patch sdksp4-libcap-ng-12965=1

   - SUSE Linux Enterprise Server 11-SP4:

      zypper in -t patch slessp4-libcap-ng-12965=1

   - SUSE Linux Enterprise Debuginfo 11-SP4:

      zypper in -t patch dbgsp4-libcap-ng-12965=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Software Development Kit 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libcap-ng-devel-0.6.3-1.9.6
      python-capng-0.6.3-1.9.6

   - SUSE Linux Enterprise Server 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libcap-ng-utils-0.6.3-1.9.6
      libcap-ng0-0.6.3-1.9.6

   - SUSE Linux Enterprise Server 11-SP4 (ppc64 s390x x86_64):

      libcap-ng0-32bit-0.6.3-1.9.6

   - SUSE Linux Enterprise Debuginfo 11-SP4 (i586 ia64 ppc64 s390x x86_64):

      libcap-ng-debuginfo-0.6.3-1.9.6
      libcap-ng-debugsource-0.6.3-1.9.6


References:

   https://www.suse.com/security/cve/CVE-2014-3215.html
   https://bugzilla.suse.com/876832

More information about the sle-security-updates mailing list