Main Vulnerability Database SB2023012738

SB2023012738 - SUSE update for systemd

Published: January 27, 2023

Security Bulletin ID SB2023012738

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper Privilege Management (CVE-ID: CVE-2022-4415)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper privilege management when handling coredumps in coredump/coredump.c. A local user can gain access to sensitive information.

The vulnerability affects systems with libacl support.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20230201-1/

Vulnerable Software

SUSE Manager Proxy: 4.3
SUSE Manager Retail Branch Server: 4.3
SUSE Manager Server: 4.3
SUSE Linux Enterprise Micro: 5.3
openSUSE Leap Micro: 5.3
SUSE Linux Enterprise Desktop: 15-SP4
SUSE Linux Enterprise High Performance Computing: 15-SP4
SUSE Linux Enterprise Module for Basesystem: 15-SP4
SUSE Linux Enterprise Server: 15-SP4
SUSE Linux Enterprise Server for SAP Applications: 15-SP4
openSUSE Leap: 15.4
systemd-testsuite-debuginfo: before 249.14-150400.8.19.1
systemd-devel: before 249.14-150400.8.19.1
systemd-doc: before 249.14-150400.8.19.1
systemd-experimental: before 249.14-150400.8.19.1
systemd-experimental-debuginfo: before 249.14-150400.8.19.1
systemd-network: before 249.14-150400.8.19.1
systemd-network-debuginfo: before 249.14-150400.8.19.1
systemd-portable: before 249.14-150400.8.19.1
systemd-portable-debuginfo: before 249.14-150400.8.19.1
systemd-testsuite: before 249.14-150400.8.19.1
systemd-coredump-debuginfo: before 249.14-150400.8.19.1
systemd-lang: before 249.14-150400.8.19.1
libsystemd0-32bit: before 249.14-150400.8.19.1
libsystemd0-32bit-debuginfo: before 249.14-150400.8.19.1
libudev1-32bit: before 249.14-150400.8.19.1
libudev1-32bit-debuginfo: before 249.14-150400.8.19.1
nss-myhostname-32bit: before 249.14-150400.8.19.1
nss-myhostname-32bit-debuginfo: before 249.14-150400.8.19.1
systemd-32bit: before 249.14-150400.8.19.1
systemd-32bit-debuginfo: before 249.14-150400.8.19.1
systemd-journal-remote-debuginfo: before 249.14-150400.8.19.1
libsystemd0-debuginfo: before 249.14-150400.8.19.1
libudev1: before 249.14-150400.8.19.1
libudev1-debuginfo: before 249.14-150400.8.19.1
systemd: before 249.14-150400.8.19.1
systemd-container: before 249.14-150400.8.19.1
systemd-container-debuginfo: before 249.14-150400.8.19.1
systemd-debuginfo: before 249.14-150400.8.19.1
systemd-debugsource: before 249.14-150400.8.19.1
systemd-journal-remote: before 249.14-150400.8.19.1
libsystemd0: before 249.14-150400.8.19.1
systemd-sysvinit: before 249.14-150400.8.19.1
udev: before 249.14-150400.8.19.1
udev-debuginfo: before 249.14-150400.8.19.1
nss-myhostname: before 249.14-150400.8.19.1
nss-myhostname-debuginfo: before 249.14-150400.8.19.1
nss-systemd: before 249.14-150400.8.19.1
nss-systemd-debuginfo: before 249.14-150400.8.19.1
systemd-coredump: before 249.14-150400.8.19.1

SB2023012738 - SUSE update for systemd

Breakdown by Severity

Description

Remediation

References

Please verify you're human