Security update for arpwatch SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2021:2177-1 Final 1 1 2021-07-11T05:55:15Z current 2021-07-11T05:55:15Z 2021-07-11T05:55:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for arpwatch This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-SLE-15.3-2021-2177 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DE7IGDIJ6QCS3LA5C7SC67VRDUWKSAEV/ E-Mail link for openSUSE-SU-2021:2177-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186240 SUSE Bug 1186240 https://www.suse.com/security/cve/CVE-2021-25321/ SUSE CVE CVE-2021-25321 page openSUSE Leap 15.3 arpwatch-2.1a15-5.12.1 arpwatch-ethercodes-build-2.1a15-5.12.1 arpwatch-2.1a15-5.12.1 as a component of openSUSE Leap 15.3 arpwatch-ethercodes-build-2.1a15-5.12.1 as a component of openSUSE Leap 15.3 A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. CVE-2021-25321 openSUSE Leap 15.3:arpwatch-2.1a15-5.12.1 openSUSE Leap 15.3:arpwatch-ethercodes-build-2.1a15-5.12.1 moderate 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/DE7IGDIJ6QCS3LA5C7SC67VRDUWKSAEV/ https://www.suse.com/security/cve/CVE-2021-25321.html CVE-2021-25321 https://bugzilla.suse.com/1186240 SUSE Bug 1186240