Security update for hawk2
This update for hawk2 fixes the following issues:
- Update to version 2.6.3:
* Remove hawk_invoke and use capture3 instead of runas (bsc#1179999)(CVE-2020-35459)
* Remove unnecessary chmod (bsc#1182166)(CVE-2021-25314)
* Sanitize filename to contains whitelist of alphanumeric (bsc#1182165)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Dario Maiocchi (dmaiocchi)
Fixed bugs
bnc#1179999
VUL-0: CVE-2020-35459: crmsh: Root privilege escalation via hawk_invoke and crmsh
bnc#1182165
AUDIT-FIND: hawk: Limit the filenames of uploaded reports
bnc#1182166
VUL-0: EMBARGOED: CVE-2021-25314: hawk: Insecure file permissions
