Johannes Segitz

**Name of the Vulnerable Software and Affected Versions** traefik2 versions prior to 2.11.29 **Description** A UNIX Symbolic Link (Symlink) Following vulnerability exists in the packaging of openSUSE Tumbleweed traefik2. This issue allows the `traefik` user to escalate to root privileges. **Recommendations** Update traefik2 to version 2.11.29 or later.

Name of the Vulnerable Software and Affected Versions: gerbera versions prior to 2.5.0-1.1 Description: A vulnerability in the gerbera package on openSUSE Tumbleweed allows the service user gerbera to escalate to root. Recommendations: For versions prior to 2.5.0-1.1, update to version 2.5.0-1.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** mlocate (affected versions not specified) **Description** The issue allows the RUN UPDATEDB AS user to make arbitrary files world readable by abusing insecure file operations that run with root privileges. This is due to mlocate's %post script. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apache Tomcat (affected versions not specified) **Description** The issue is related to insecure permissions in the packaging of Apache Tomcat, allowing local users to escalate to root if they win a race during package installation. This is a local privilege escalation issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE Tumbleweed hawk2 package (affected versions not specified) **Description** The issue is related to incorrect default permissions in the hawk2 package, allowing users with access to the hacluster to escalate to root. This affects openSUSE Tumbleweed. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Server for SAP 15 rmt-server versions prior to 2.10 SUSE Linux Enterprise Server for SAP 15-SP1 rmt-server versions prior to 2.10 SUSE Manager Server 4.1 rmt-server versions prior to 2.10 openSUSE Leap 15.3 rmt-server versions prior to 2.10 openSUSE Leap 15.4 rmt-server versions prior to 2.10 **Description** The issue is related to incorrect default permissions in the rmt-server-regsharing service of SUSE Linux Enterprise Server, allowing local attackers with access to the rmt user to escalate to root. This can be exploited by attackers to gain elevated privileges. **Recommendations** For SUSE Linux Enterprise Server for SAP 15, update the rmt-server to version 2.10 or later. For SUSE Linux Enterprise Server for SAP 15-SP1, update the rmt-server to version 2.10 or later. For SUSE Manager Server 4.1, update the rmt-server to version 2.10 or later. For openSUSE Leap 15.3, update the rmt-server to version 2.10 or later. For openSUSE Leap 15.4, update the rmt-server to version 2.10 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e **Description** The issue is related to incorrect default permissions in the saphanabootstrap-formula of affected operating systems, allowing local attackers to escalate to root by manipulating the sudo configuration. This can be exploited by executing commands with elevated privileges. **Recommendations** For SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later. For SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later. For openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e, update to version 0.13.1+git.1667812208.4db963e or later. As a temporary workaround, consider restricting access to the sudo configuration to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** openSUSE Factory slurm versions prior to 22.05.2-3.3 **Description** A vulnerability in the packaging of the slurm testsuite of openSUSE Factory allows local attackers with control over the slurm user to escalate to root. **Recommendations** For openSUSE Factory slurm versions prior to 22.05.2-3.3, update to version 22.05.2-3.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** keylime versions prior to 6.4.2-1.1 **Description** A UNIX Symbolic Link (Symlink) Following issue in keylime of openSUSE Tumbleweed allows local attackers to escalate from the keylime user to root. **Recommendations** For versions prior to 6.4.2-1.1, update to version 6.4.2-1.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Quagga versions through 1.2.4 Description: An issue was discovered that allows users with control of the non-root-owned directory /etc/quagga to escalate their privileges to root upon package installation or update due to unsafe chown/chmod operations in the suggested spec file. Recommendations: For Quagga versions through 1.2.4, consider restricting access to the /etc/quagga directory to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Wazuh versions through 4.1.5 **Description** The issue is related to a remote Integer Underflow vulnerability that might lead to denial of service. It requires a crafted message to be sent from an authenticated agent to the manager. **Recommendations** For versions through 4.1.5, update to a version later than 4.1.5 to resolve the issue. As a temporary workaround, consider restricting access to authenticated agents to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15 SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15 SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15 openSUSE Factory arpwatch versions prior to 2.1a15-169.5 openSUSE Leap 15.2 arpwatch versions prior to 2.1a15-lp152.5.5 **Description** A UNIX Symbolic Link (Symlink) Following issue in arpwatch allows local attackers with control of the runtime user to run arpwatch and escalate to root upon the next restart of arpwatch. This is due to incorrect permission assignment for files. The issue can be exploited by a local attacker to gain root privileges. **Recommendations** For SUSE Linux Enterprise Server 11-SP4-LTSS, update arpwatch to version 2.1a15 or later. For SUSE Manager Server 4.0, update arpwatch to version 2.1a15 or later. For SUSE OpenStack Cloud Crowbar 9, update arpwatch to version 2.1a15 or later. For openSUSE Factory, update arpwatch to version 2.1a15-169.5 or later. For openSUSE Leap 15.2, update arpwatch to version 2.1a15-lp152.5.5 or later.

Name of the Vulnerable Software and Affected Versions: openSUSE Factory cyrus-sasl versions 2.1.27-4.2 and prior versions. Description: A Insecure Temporary File vulnerability in the packaging of cyrus-sasl of openSUSE Factory allows local attackers to escalate to root. Recommendations: For openSUSE Factory cyrus-sasl versions 2.1.27-4.2 and prior versions, update to a version later than 2.1.27-4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openSUSE Leap versions prior to 2.6.2 SUSE Linux Enterprise Server 11-SP3 version inn-2.4.2-170.21.3.1 and prior versions openSUSE Backports SLE-15-SP2 versions prior to 2.6.2 **Description** The issue is related to insufficient access control in the inn package, which can be exploited by an attacker to escalate their privileges from the news user to root. This allows local attackers to gain elevated access. **Recommendations** For openSUSE Leap versions prior to 2.6.2, update to version 2.6.2 or later. For SUSE Linux Enterprise Server 11-SP3 version inn-2.4.2-170.21.3.1 and prior versions, update to a version later than inn-2.4.2-170.21.3.1. For openSUSE Backports SLE-15-SP2 versions prior to 2.6.2, update to version 2.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9 SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9 SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9 **Description** A Creation of Temporary File With Insecure Permissions issue in hawk2 allows local attackers to escalate to root. This issue is related to the creation of temporary files with insecure permissions in the hawk2 web interface of SUSE Linux Enterprise Server and OpenSUSE Leap operating systems. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** For SUSE Linux Enterprise High Availability 12-SP3 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9, update to version 2.6.3+git.1614685906.812c31e9 or later. For SUSE Linux Enterprise High Availability 12-SP5 hawk2 versions prior to 2.6.3+git.1614685906.812c31e9, update to version 2.6.3+git.1614685906.812c31e9 or later. For SUSE Linux Enterprise High Availability 15-SP2 hawk2 versions prior to 2.6.3+git.1614684118.af555ad9, update to version 2.6.3+git.1614684118.af555ad9 or later.

Name of the Vulnerable Software and Affected Versions: SUSE CaaS Platform 4.5 skuba versions prior to the version including https://github.com/SUSE/skuba/pull/1416 Description: The issue is related to an Incorrect Permission Assignment for Critical Resource vulnerability in skuba, allowing local attackers to gain access to the kublet key. This vulnerability can be exploited by local attackers. Recommendations: For SUSE CaaS Platform 4.5 skuba versions prior to the version including https://github.com/SUSE/skuba/pull/1416, update to a version that includes the changes from https://github.com/SUSE/skuba/pull/1416 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: SUSE CaaS Platform 4.5 Description: A local attacker can exploit an Insecure Temporary File vulnerability in skuba to leak the `bootstrapToken` or modify the configuration file before it is processed. This can lead to arbitrary modifications of the machine or cluster. Recommendations: For SUSE CaaS Platform 4.5, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** openldap2 versions prior to 2.4.26-0.74.13.1 openldap2 versions prior to 2.4.41-18.71.2 openldap2 versions prior to 2.4.46-9.31.1 openldap2 versions prior to 2.4.46-lp151.10.12.1 openldap2 versions prior to 2.4.46-lp152.14.3.1 **Description** The issue is related to the acceptance of extraneous untrusted data with trusted data in the start script of openldap2, allowing local attackers to escalate privileges from user ldap to root. **Recommendations** For openldap2 versions prior to 2.4.26-0.74.13.1, update to version 2.4.26-0.74.13.1 or later. For openldap2 versions prior to 2.4.41-18.71.2, update to version 2.4.41-18.71.2 or later. For openldap2 versions prior to 2.4.46-9.31.1, update to version 2.4.46-9.31.1 or later. For openldap2 versions prior to 2.4.46-lp151.10.12.1, update to version 2.4.46-lp151.10.12.1 or later. For openldap2 versions prior to 2.4.46-lp152.14.3.1, update to version 2.4.46-lp152.14.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** HylaFAX+ versions prior to 7.0.3 HylaFAX Enterprise (affected versions not specified) **Description** The issue allows a local attacker to potentially escalate privileges to root by exploiting a race condition in the faxsetup utility, which uses chown on files in user-owned directories. **Recommendations** For HylaFAX+ versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. For HylaFAX Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** HylaFAX+ versions prior to 7.0.3 HylaFAX Enterprise (affected versions not specified) **Description** The issue allows unprivileged users to execute code in the context of the user calling certain binaries, often root, due to scripts executing binaries from directories writable by these users, such as locations under /var/spool/hylafax that are writable by the uucp account. **Recommendations** For HylaFAX+ versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue. For HylaFAX Enterprise, at the moment, there is no information about a newer version that contains a fix for this vulnerability.