Описание
Security update for smt
SMT was updated to version 3.0.38.
Following security issue was fixed:
- CVE-2018-12472: Harden hostname check during sibling check by forcing double reverse lookup (bsc#1104076)
Following non security issues were fixed:
- Add migration path check when registration sharing is enabled
- Fix sibling sync errors (bsc#1111056):
- Synchronize all registered products
- Handle duplicate registrations when syncing
- Force resync to the sibling instance in
upgradeandsynchronizeAPI calls
Список пакетов
SUSE Linux Enterprise Server for SAP Applications 12 SP1
res-signingkeys-3.0.38-52.26.1
smt-3.0.38-52.26.1
smt-support-3.0.38-52.26.1
Ссылки
- Link for SUSE-SU-2018:3467-2
- E-Mail link for SUSE-SU-2018:3467-2
- SUSE Security Ratings
- SUSE Bug 1104076
- SUSE Bug 1111056
- SUSE CVE CVE-2018-12472 page
Описание
A improper authentication using the HOST header in SUSE Linux SMT allows remote attackers to spoof a sibling server. Affected releases are SUSE Linux SMT: versions prior to 3.0.37.
Затронутые продукты
SUSE Linux Enterprise Server for SAP Applications 12 SP1:res-signingkeys-3.0.38-52.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:smt-3.0.38-52.26.1
SUSE Linux Enterprise Server for SAP Applications 12 SP1:smt-support-3.0.38-52.26.1
Ссылки
- CVE-2018-12472
- SUSE Bug 1104076