Description
Security update for smt
SMT was updated to version 3.0.38.
The following security issue was fixed:
- CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076)
The following non-security issues were fixed:
- Add migration path check when registration sharing is enabled
- Fix sibling sync errors (bsc#1111056):
  - Synchronize all registered products
  - Handle duplicate registrations when syncing
  - Force resync to the sibling instance in upgrade and synchronize API calls
Package list
SUSE Enterprise Storage 4
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Module for Public Cloud 12
smt-ha-3.0.38-52.26.1
SUSE Linux Enterprise Server 12 SP1-LTSS
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Server 12 SP2-BCL
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Server 12 SP2-LTSS
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Server 12 SP3
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP2
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
SUSE OpenStack Cloud 7
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
References
- Link for SUSE-SU-2018:3467-1
- E-Mail link for SUSE-SU-2018:3467-1
- SUSE Security Ratings
- SUSE Bug 1104076
- SUSE Bug 1111056
- SUSE CVE CVE-2018-12472 page
Description
An improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Affected products
SUSE Enterprise Storage 4:res-signingkeys-3.0.38-52.26.1
SUSE Enterprise Storage 4:smt-3.0.38-52.26.1
SUSE Enterprise Storage 4:smt-support-3.0.38-52.26.1
SUSE Linux Enterprise Module for Public Cloud 12:smt-ha-3.0.38-52.26.1
References
- CVE-2018-12472
- SUSE Bug 1104076