{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_security_advisory","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"Security update for saphanabootstrap-formula","title":"Title of the patch"},{"category":"description","text":"This update for saphanabootstrap-formula fixes the following issues:\n\n- Version bump 0.13.1\n  * revert changes to spec file to re-enable SLES RPM builds\n  * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)\n\n- Version bump 0.13.0\n  * pass sid to sudoers in a SLES12 compatible way\n  * add location constraint to gcp_stonith\n\n- Version bump 0.12.1\n  * moved templates dir into hana dir in repository to be gitfs compatible\n\n- Version bump 0.12.0\n  * add SAPHanaSR takeover blocker\n\n- Version bump 0.11.0\n  * use check_cmd instead of tmp sudoers file\n  * make sudoers rules more secure\n  * migrate sudoers to template file\n\n- Version bump 0.10.1\n  * fix hook removal conditions\n  * fix majority_maker code on case grain is empty\n\n- Version bump 0.10.0\n  * allow to disable shared HANA basepath and rework add_hosts code\n    (enables HANA scale-out on AWS)\n  * do not edit global.ini directly (if not needed)\n\n- Version bump 0.9.1\n  * fix majority_maker code on case grain is empty\n\n- Version bump 0.9.0\n  * define vip_mechanism for every provider and reorder resources\n    (same schema for all SAP related formulas)\n\n- Version bump 0.8.1\n  * use multi-target Hook on HANA scale-out\n\n- Version bump 0.8.0\n  * add HANA scale-out support\n  * add idempotence to not affect a running HANA and cluster\n\n- Version bump 0.7.2\n  * add native fencing for microsoft-azure\n\n- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703\n- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory\n- fixes execution order of srTakeover/srCostOptMemConfig hook\n- renames and updates hook srTakeover to srCostOptMemConfig\n\n- Changing exporter stickiness to => 0 and adjusting the colocation \n  score from +inf to -inf and changing the colocation from Master to Slave. \n  This change fix the impact of a failed exporter in regards to the HANA DB.\n  \n\n- Document extra_parameters in pillar.example (bsc#1185643)\n\n- Change hanadb_exporter default timeout value to 30 seconds\n\n- Set correct stickiness for the azure-lb resource\n  The azure-lb resource receives an stickiness=0 to not influence on\n  transitions calculations as the HANA resources have more priority\n","title":"Description of the patch"},{"category":"details","text":"SUSE-2023-10,SUSE-SLE-Module-SAP-Applications-15-SP1-2023-10","title":"Patchnames"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"SUSE ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"self","summary":"URL of this CSAF notice","url":"https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0010-1.json"},{"category":"self","summary":"URL for SUSE-SU-2023:0010-1","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230010-1/"},{"category":"self","summary":"E-Mail link for SUSE-SU-2023:0010-1","url":"https://lists.suse.com/pipermail/sle-security-updates/2023-January/013407.html"},{"category":"self","summary":"SUSE Bug 1185643","url":"https://bugzilla.suse.com/1185643"},{"category":"self","summary":"SUSE Bug 1205990","url":"https://bugzilla.suse.com/1205990"},{"category":"self","summary":"SUSE CVE CVE-2022-45153 page","url":"https://www.suse.com/security/cve/CVE-2022-45153/"}],"title":"Security update for saphanabootstrap-formula","tracking":{"current_release_date":"2023-01-02T10:42:48Z","generator":{"date":"2023-01-02T10:42:48Z","engine":{"name":"cve-database.git:bin/generate-csaf.pl","version":"1"}},"id":"SUSE-SU-2023:0010-1","initial_release_date":"2023-01-02T10:42:48Z","revision_history":[{"date":"2023-01-02T10:42:48Z","number":"1","summary":"Current version"}],"status":"final","version":"1"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_version","name":"saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch","product":{"name":"saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch","product_id":"saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch"}}],"category":"architecture","name":"noarch"},{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Module for SAP Applications 15 SP1","product":{"name":"SUSE Linux Enterprise Module for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Module for SAP Applications 15 SP1","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-sap-applications:15:sp1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch as component of SUSE Linux Enterprise Module for SAP Applications 15 SP1","product_id":"SUSE Linux Enterprise Module for SAP Applications 15 SP1:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch"},"product_reference":"saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch","relates_to_product_reference":"SUSE Linux Enterprise Module for SAP Applications 15 SP1"}]},"vulnerabilities":[{"cve":"CVE-2022-45153","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-45153"}],"notes":[{"category":"general","text":"An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Applications 15-SP1, SUSE Linux Enterprise Server for SAP 12-SP5; openSUSE Leap 15.4 allows local attackers to escalate to root by manipulating the sudo configuration that is created. This issue affects: SUSE Linux Enterprise Module for SAP Applications 15-SP1 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. SUSE Linux Enterprise Server for SAP 12-SP5 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e. openSUSE Leap 15.4 saphanabootstrap-formula versions prior to 0.13.1+git.1667812208.4db963e.","title":"CVE description"}],"product_status":{"recommended":["SUSE Linux Enterprise Module for SAP Applications 15 SP1:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch"]},"references":[{"category":"external","summary":"CVE-2022-45153","url":"https://www.suse.com/security/cve/CVE-2022-45153"},{"category":"external","summary":"SUSE Bug 1205990 for CVE-2022-45153","url":"https://bugzilla.suse.com/1205990"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Module for SAP Applications 15 SP1:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch"]}],"scores":[{"cvss_v3":{"baseScore":7.8,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Module for SAP Applications 15 SP1:saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150000.1.19.1.noarch"]}],"threats":[{"category":"impact","date":"2023-01-02T10:42:48Z","details":"important"}],"title":"CVE-2022-45153"}]}