opensuse-su-2020:1209-1
Vulnerability from csaf_opensuse
Published
2020-08-14 18:18
Modified
2020-08-14 18:18
Summary
Security update for hylafax+
Notes
Title of the patch
Security update for hylafax+
Description of the patch
This update for hylafax+ fixes the following issues:
Hylafax was updated to upstream version 7.0.3.
Security issues fixed:
- CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521).
- CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519).
Non-security issues fixed:
* add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl
(31 Jul 2020)
* be more resilient in listening for the Phase C carrier (30 Jul 2020)
* make sure to return to command mode if HDLC receive times out (29 Jul 2020)
* make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020)
* don't attempt to write zero bytes of data to a TIFF (29 Jul 2020)
* don't ever respond to CRP with CRP (28 Jul 2020)
* reset frame counter when a sender retransmits PPS for a previously confirmed
ECM block (26 Jul 2020)
* scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020)
* fix modem recovery after SSL Fax failure (22, 26 Jul 2020)
* ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020)
* attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020)
* run scripts directly rather than invoking them via a shell for security
hardening (3-5 Jul 2020)
* add senderFumblesECM feature (3 Jul 2020)
* add support for PIN/PIP/PRI-Q/PPS-PRI-Q signals, add senderConfusesPIN
feature, and utilize PIN for rare conditions where it may be helpful
(2, 6, 13-14 Jul 2020)
* add senderConfusesRTN feature (25-26 Jun 2020)
* add MissedPageHandling feature (24 Jun 2020)
* use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020)
* cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020)
* fix listening for retransmission of MPS/EOP/EOM if it was received
corrupt on the first attempt (15 Jun 2020)
* don't use CRP when receiving PPS/PPM as some senders think
we are sending MCF (12 Jun 2020)
* add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020)
* have faxinfo put units on non-standard page dimensions (28 May 2020)
* improve error messages for JobHost connection errors (22 May 2020)
* fix perpetual blocking of jobs when a job preparation fails,
attempt to fix similar blocking problems for bad jobs in
batches, and add 'unblock' faxconfig feature (21 May 2020)
* ignore TCF if we're receiving an SSL Fax (31 Jan 2020)
* fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020)
Patchnames
openSUSE-2020-1209
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for hylafax+",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for hylafax+ fixes the following issues:\n\nHylafax was updated to upstream version 7.0.3.\n\nSecurity issues fixed:\n\n- CVE-2020-15396: Secure temporary directory creation for faxsetup, faxaddmodem, and probemodem (boo#1173521).\n- CVE-2020-15397: Sourcing of files into binaries from user writeable directories (boo#1173519).\n\nNon-security issues fixed:\n\n* add UseSSLFax feature in sendfax, sendfax.conf, hyla.conf, and JobControl\n (31 Jul 2020)\n* be more resilient in listening for the Phase C carrier (30 Jul 2020)\n* make sure to return to command mode if HDLC receive times out (29 Jul 2020)\n* make faxmail ignore boundaries on parts other than multiparts (29 Jul 2020)\n* don\u0027t attempt to write zero bytes of data to a TIFF (29 Jul 2020)\n* don\u0027t ever respond to CRP with CRP (28 Jul 2020)\n* reset frame counter when a sender retransmits PPS for a previously confirmed\n ECM block (26 Jul 2020)\n* scrutinize PPM before concluding that the sender missed our MCF (23 Jul 2020)\n* fix modem recovery after SSL Fax failure (22, 26 Jul 2020)\n* ignore echo of PPR, RTN, CRP (10, 13, 21 Jul 2020)\n* attempt to handle NSF/CSI/DIS in Class 1 sending Phase D (6 Jul 2020)\n* run scripts directly rather than invoking them via a shell for security\n hardening (3-5 Jul 2020)\n* add senderFumblesECM feature (3 Jul 2020)\n* add support for PIN/PIP/PRI-Q/PPS-PRI-Q signals, add senderConfusesPIN\n feature, and utilize PIN for rare conditions where it may be helpful\n (2, 6, 13-14 Jul 2020)\n* add senderConfusesRTN feature (25-26 Jun 2020)\n* add MissedPageHandling feature (24 Jun 2020)\n* use and handle CFR in Phase D to retransmit Phase C (16, 23 Jun 2020)\n* cope with hearing echo of RR, CTC during Class 1 sending (15-17 Jun 2020)\n* fix listening for retransmission of MPS/EOP/EOM if it was received\n corrupt on the first attempt (15 Jun 2020)\n* don\u0027t use CRP when receiving PPS/PPM as some senders think\n we are sending MCF (12 Jun 2020)\n* add BR_SSLFAX to show SSL Fax in notify and faxinfo output (1 Jun 2020)\n* have faxinfo put units on non-standard page dimensions (28 May 2020)\n* improve error messages for JobHost connection errors (22 May 2020)\n* fix perpetual blocking of jobs when a job preparation fails,\n attempt to fix similar blocking problems for bad jobs in\n batches, and add \u0027unblock\u0027 faxconfig feature (21 May 2020)\n* ignore TCF if we\u0027re receiving an SSL Fax (31 Jan 2020)\n* fixes for build on FreeBSD 12.1 (31 Jan - 3 Feb 2020)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-1209",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_1209-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:1209-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X6XT7KUJG3ZNIXOR2ITCKSIPAFF3NF6A/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:1209-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/X6XT7KUJG3ZNIXOR2ITCKSIPAFF3NF6A/"
},
{
"category": "self",
"summary": "SUSE Bug 1173519",
"url": "https://bugzilla.suse.com/1173519"
},
{
"category": "self",
"summary": "SUSE Bug 1173521",
"url": "https://bugzilla.suse.com/1173521"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15396 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15396/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-15397 page",
"url": "https://www.suse.com/security/cve/CVE-2020-15397/"
}
],
"title": "Security update for hylafax+",
"tracking": {
"current_release_date": "2020-08-14T18:18:53Z",
"generator": {
"date": "2020-08-14T18:18:53Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:1209-1",
"initial_release_date": "2020-08-14T18:18:53Z",
"revision_history": [
{
"date": "2020-08-14T18:18:53Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "hylafax+-7.0.3-lp152.3.6.1.x86_64",
"product": {
"name": "hylafax+-7.0.3-lp152.3.6.1.x86_64",
"product_id": "hylafax+-7.0.3-lp152.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"product": {
"name": "hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"product_id": "hylafax+-client-7.0.3-lp152.3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64",
"product": {
"name": "libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64",
"product_id": "libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "hylafax+-7.0.3-lp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64"
},
"product_reference": "hylafax+-7.0.3-lp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "hylafax+-client-7.0.3-lp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64"
},
"product_reference": "hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
},
"product_reference": "libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-15396",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15396"
}
],
"notes": [
{
"category": "general",
"text": "In HylaFAX+ through 7.0.2 and HylaFAX Enterprise, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15396",
"url": "https://www.suse.com/security/cve/CVE-2020-15396"
},
{
"category": "external",
"summary": "SUSE Bug 1173521 for CVE-2020-15396",
"url": "https://bugzilla.suse.com/1173521"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-14T18:18:53Z",
"details": "important"
}
],
"title": "CVE-2020-15396"
},
{
"cve": "CVE-2020-15397",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-15397"
}
],
"notes": [
{
"category": "general",
"text": "HylaFAX+ through 7.0.2 and HylaFAX Enterprise have scripts that execute binaries from directories writable by unprivileged users (e.g., locations under /var/spool/hylafax that are writable by the uucp account). This allows these users to execute code in the context of the user calling these binaries (often root).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-15397",
"url": "https://www.suse.com/security/cve/CVE-2020-15397"
},
{
"category": "external",
"summary": "SUSE Bug 1173519 for CVE-2020-15397",
"url": "https://bugzilla.suse.com/1173519"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:hylafax+-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:hylafax+-client-7.0.3-lp152.3.6.1.x86_64",
"openSUSE Leap 15.2:libfaxutil7_0_3-7.0.3-lp152.3.6.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-08-14T18:18:53Z",
"details": "important"
}
],
"title": "CVE-2020-15397"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…