Oval Definition:oval:org.opensuse.security:def:202123177
Revision Date:2023-06-22Version:1
Title:CVE-2021-23177
Description:

An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.
Family:unixClass:vulnerability
Status:Reference(s):Mitre CVE-2021-23177
SUSE CVE-2021-23177
SUSE-SU-2022:3306-1
SUSE-SU-2022:3393-1
Platform(s):SUSE Linux Enterprise Desktop 15 SP2
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Module for Development Tools 15 SP2
SUSE Linux Enterprise Module for Development Tools 15 SP5
SUSE Linux Enterprise Real Time 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP5
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Retail Branch Server 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP2 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • OR SUSE Linux Enterprise Module for Development Tools 15 SP2 is installed
  • OR SUSE Linux Enterprise Real Time 15 SP2 is installed
  • OR SUSE Linux Enterprise Server 15 SP2 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • OR SUSE Linux Enterprise Storage 7 is installed
  • OR SUSE Manager Proxy 4.1 is installed
  • OR SUSE Manager Retail Branch Server 4.1 is installed
  • OR SUSE Manager Server 4.1 is installed
  • AND libarchive is affected
  • OR Package Information
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed
  • AND
  • bsdtar is affected
  • OR libarchive-devel is affected
  • OR libarchive13 is affected
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Development Tools 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND bsdtar-3.5.1-150400.3.12.1 is installed
  • OR Package Information
  • SUSE Linux Enterprise Desktop 15 SP5 is installed
  • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
  • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
  • OR SUSE Linux Enterprise Server 15 SP5 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND
  • libarchive-devel-3.5.1-150400.3.12.1 is installed
  • OR libarchive13-3.5.1-150400.3.12.1 is installed
    • BACK