Описание
Security update for cronie
This update for cronie fixes the following issues:
Security issues fixed:
- CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937).
- CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935).
Bug fixes:
- Manual start of cron is possible even when it's already started using systemd (bsc#1133100).
- Cron schedules only one job of crontab (bsc#1130746).
Список пакетов
Image SLES15-SP3-BYOS-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-BYOS-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-BYOS-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-EC2-ECS-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-HPC-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-HPC-BYOS-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-HPC-BYOS-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-HPC-BYOS-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-BYOS-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-BYOS-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-BYOS-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAP-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAPCAL-Azure
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAPCAL-EC2-HVM
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Image SLES15-SP3-SAPCAL-GCE
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
cron-4.2-6.7.1
cronie-1.5.1-6.7.1
Ссылки
- Link for SUSE-SU-2019:1389-2
- E-Mail link for SUSE-SU-2019:1389-2
- SUSE Security Ratings
- SUSE Bug 1128935
- SUSE Bug 1128937
- SUSE Bug 1130746
- SUSE Bug 1133100
- SUSE CVE CVE-2019-9704 page
- SUSE CVE CVE-2019-9705 page
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:cron-4.2-6.7.1
Image SLES15-SP3-BYOS-Azure:cronie-1.5.1-6.7.1
Image SLES15-SP3-BYOS-EC2-HVM:cron-4.2-6.7.1
Image SLES15-SP3-BYOS-EC2-HVM:cronie-1.5.1-6.7.1
Ссылки
- CVE-2019-9704
- SUSE Bug 1128937
- SUSE Bug 1187508
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
Затронутые продукты
Image SLES15-SP3-BYOS-Azure:cron-4.2-6.7.1
Image SLES15-SP3-BYOS-Azure:cronie-1.5.1-6.7.1
Image SLES15-SP3-BYOS-EC2-HVM:cron-4.2-6.7.1
Image SLES15-SP3-BYOS-EC2-HVM:cronie-1.5.1-6.7.1
Ссылки
- CVE-2019-9705
- SUSE Bug 1128935
- SUSE Bug 1187508