Security update for krb5-appl SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0527-1 Final 1 1 2021-02-19T11:47:40Z current 2021-02-19T11:47:40Z 2021-02-19T11:47:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for krb5-appl This update for krb5-appl fixes the following issues: - CVE-2019-25017: Check the filenames sent by the server match those requested by the client (bsc#1131109). - CVE-2019-25018: Disallow empty incoming filename or ones that refer to the current directory (bsc#1131109). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). HPE-Helion-OpenStack-8-2021-527,SUSE-2021-527,SUSE-OpenStack-Cloud-7-2021-527,SUSE-OpenStack-Cloud-8-2021-527,SUSE-OpenStack-Cloud-9-2021-527,SUSE-OpenStack-Cloud-Crowbar-8-2021-527,SUSE-OpenStack-Cloud-Crowbar-9-2021-527,SUSE-SLE-SAP-12-SP2-2021-527,SUSE-SLE-SAP-12-SP3-2021-527,SUSE-SLE-SAP-12-SP4-2021-527,SUSE-SLE-SERVER-12-SP2-2021-527,SUSE-SLE-SERVER-12-SP2-BCL-2021-527,SUSE-SLE-SERVER-12-SP3-2021-527,SUSE-SLE-SERVER-12-SP3-BCL-2021-527,SUSE-SLE-SERVER-12-SP4-LTSS-2021-527,SUSE-SLE-SERVER-12-SP5-2021-527 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210527-1/ Link for SUSE-SU-2021:0527-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008353.html E-Mail link for SUSE-SU-2021:0527-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1131109 SUSE Bug 1131109 https://www.suse.com/security/cve/CVE-2019-25017/ SUSE CVE CVE-2019-25017 page https://www.suse.com/security/cve/CVE-2019-25018/ SUSE CVE CVE-2019-25018 page HPE Helion OpenStack 8 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP2 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud 8 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 krb5-appl-clients-1.0.3-3.6.1 krb5-appl-servers-1.0.3-3.6.1 krb5-appl-clients-1.0.3-3.6.1 as a component of HPE Helion OpenStack 8 krb5-appl-servers-1.0.3-3.6.1 as a component of HPE Helion OpenStack 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP2-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-BCL krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP3-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server 12 SP5 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP2 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP3 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 7 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 7 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 8 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 9 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud 9 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 8 krb5-appl-clients-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 krb5-appl-servers-1.0.3-3.6.1 as a component of SUSE OpenStack Cloud Crowbar 9 An issue was discovered in rcp in MIT krb5-appl through 1.0.3. Due to the rcp implementation being derived from 1983 rcp, the server chooses which files/directories are sent to the client. However, the rcp client only performs cursory validation of the object name returned (only directory traversal attacks are prevented). A malicious rcp server (or Man-in-The-Middle attacker) can overwrite arbitrary files in the rcp client target directory. If recursive operation (-r) is performed, the server can manipulate subdirectories as well (for example, to overwrite the .ssh/authorized_keys file). This issue is similar to CVE-2019-6111 and CVE-2019-7283. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. CVE-2019-25017 HPE Helion OpenStack 8:krb5-appl-clients-1.0.3-3.6.1 HPE Helion OpenStack 8:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-servers-1.0.3-3.6.1 important 5.8 AV:N/AC:M/Au:N/C:N/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210527-1/ https://www.suse.com/security/cve/CVE-2019-25017.html CVE-2019-25017 https://bugzilla.suse.com/1131109 SUSE Bug 1131109 In the rcp client in MIT krb5-appl through 1.0.3, malicious servers could bypass intended access restrictions via the filename of . or an empty filename, similar to CVE-2018-20685 and CVE-2019-7282. The impact is modifying the permissions of the target directory on the client side. NOTE: MIT krb5-appl is not supported upstream but is shipped by a few Linux distributions. The affected code was removed from the supported MIT Kerberos 5 (aka krb5) product many years ago, at version 1.8. CVE-2019-25018 HPE Helion OpenStack 8:krb5-appl-clients-1.0.3-3.6.1 HPE Helion OpenStack 8:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP2-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-BCL:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP3-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP4-LTSS:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP2:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP3:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:krb5-appl-servers-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-clients-1.0.3-3.6.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 7:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud 9:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 8:krb5-appl-servers-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-clients-1.0.3-3.6.1 SUSE OpenStack Cloud Crowbar 9:krb5-appl-servers-1.0.3-3.6.1 important 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210527-1/ https://www.suse.com/security/cve/CVE-2019-25018.html CVE-2019-25018 https://bugzilla.suse.com/1131109 SUSE Bug 1131109