Security update for arpwatch SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:14759-1 Final 1 1 2021-06-28T13:47:09Z current 2021-06-28T13:47:09Z 2021-06-28T13:47:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for arpwatch This update for arpwatch fixes the following issues: - CVE-2021-25321: Fixed local privilege escalation from runtime user to root (bsc#1186240). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). sleposp3-arpwatch-14759,slessp4-arpwatch-14759 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-202114759-1/ Link for SUSE-SU-2021:14759-1 https://lists.suse.com/pipermail/sle-security-updates/2021-June/009093.html E-Mail link for SUSE-SU-2021:14759-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1186240 SUSE Bug 1186240 https://www.suse.com/security/cve/CVE-2021-25321/ SUSE CVE CVE-2021-25321 page SUSE Linux Enterprise Point of Sale 11 SP3 SUSE Linux Enterprise Server 11 SP4-LTSS arpwatch-2.1a15-131.23.2.6.1 arpwatch-2.1a15-131.23.2.6.1 as a component of SUSE Linux Enterprise Point of Sale 11 SP3 arpwatch-2.1a15-131.23.2.6.1 as a component of SUSE Linux Enterprise Server 11 SP4-LTSS A UNIX Symbolic Link (Symlink) Following vulnerability in arpwatch of SUSE Linux Enterprise Server 11-SP4-LTSS, SUSE Manager Server 4.0, SUSE OpenStack Cloud Crowbar 9; openSUSE Factory, Leap 15.2 allows local attackers with control of the runtime user to run arpwatch as to escalate to root upon the next restart of arpwatch. This issue affects: SUSE Linux Enterprise Server 11-SP4-LTSS arpwatch versions prior to 2.1a15. SUSE Manager Server 4.0 arpwatch versions prior to 2.1a15. SUSE OpenStack Cloud Crowbar 9 arpwatch versions prior to 2.1a15. openSUSE Factory arpwatch version 2.1a15-169.5 and prior versions. openSUSE Leap 15.2 arpwatch version 2.1a15-lp152.5.5 and prior versions. CVE-2021-25321 SUSE Linux Enterprise Point of Sale 11 SP3:arpwatch-2.1a15-131.23.2.6.1 SUSE Linux Enterprise Server 11 SP4-LTSS:arpwatch-2.1a15-131.23.2.6.1 important 7.2 AV:L/AC:L/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-202114759-1/ https://www.suse.com/security/cve/CVE-2021-25321.html CVE-2021-25321 https://bugzilla.suse.com/1186240 SUSE Bug 1186240