Description
Security update for openwsman
This update for openwsman fixes the following issues:
Security issues fixed:
- CVE-2019-3816: Fixed a vulnerability in the openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623).
- CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623).
Package list
SUSE Linux Enterprise Desktop 12 SP3
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP4
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Server 12 SP3
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Server 12 SP4
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP3
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
libwsman1-2.4.11-21.8.1
libwsman_clientpp1-2.4.11-21.8.1
openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Software Development Kit 12 SP3
libwsman-devel-2.4.11-21.8.1
libwsman_clientpp-devel-2.4.11-21.8.1
openwsman-python-2.4.11-21.8.1
SUSE Linux Enterprise Software Development Kit 12 SP4
libwsman-devel-2.4.11-21.8.1
libwsman_clientpp-devel-2.4.11-21.8.1
openwsman-python-2.4.11-21.8.1
References
- Link for SUSE-SU-2019:0656-1
- E-Mail link for SUSE-SU-2019:0656-1
- SUSE Security Ratings
- SUSE Bug 1122623
- SUSE CVE CVE-2019-3816 page
- SUSE CVE CVE-2019-3833 page
Description
Openwsman, versions up to and including 2.6.9, is vulnerable to arbitrary file disclosure because the working directory of the openwsmand daemon was set to the root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to the openwsman server.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libwsman1-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP3:libwsman_clientpp1-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP3:openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP4:libwsman1-2.4.11-21.8.1
References
- CVE-2019-3816
- SUSE Bug 1122623
Description
Openwsman, versions up to and including 2.6.9, is vulnerable to an infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a malicious HTTP request to cause denial of service on the openwsman server.
Affected products
SUSE Linux Enterprise Desktop 12 SP3:libwsman1-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP3:libwsman_clientpp1-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP3:openwsman-server-2.4.11-21.8.1
SUSE Linux Enterprise Desktop 12 SP4:libwsman1-2.4.11-21.8.1
References
- CVE-2019-3833
- SUSE Bug 1122623