SUSE-SU-2019:13981-1

Опубликовано: 18 мар. 2019

Источник: suse-cvrf

Описание

Security update for openwsman

This update for openwsman fixes the following issues:

Security issues fixed:

CVE-2019-3816: Fixed a vulnerability in openwsmand deamon which could lead to arbitary file disclosure (bsc#1122623).
CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623).

Список пакетов

SUSE Linux Enterprise Server 11 SP4

libwsman1-2.2.3-0.16.8.1

openwsman-client-2.2.3-0.16.8.1

openwsman-server-2.2.3-0.16.8.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4

libwsman1-2.2.3-0.16.8.1

openwsman-client-2.2.3-0.16.8.1

openwsman-server-2.2.3-0.16.8.1

SUSE Linux Enterprise Software Development Kit 11 SP4

libwsman-devel-2.2.3-0.16.8.1

openwsman-python-2.2.3-0.16.8.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-201913981-1/
Link for SUSE-SU-2019:13981-1
https://www.suse.com/support/update/announcement/2019/suse-su-201913981-1.html
E-Mail link for SUSE-SU-2019:13981-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1122623
SUSE Bug 1122623
https://www.suse.com/security/cve/CVE-2019-3816/
SUSE CVE CVE-2019-3816 page
https://www.suse.com/security/cve/CVE-2019-3833/
SUSE CVE CVE-2019-3833 page

Описание

Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libwsman1-2.2.3-0.16.8.1

SUSE Linux Enterprise Server 11 SP4:openwsman-client-2.2.3-0.16.8.1

SUSE Linux Enterprise Server 11 SP4:openwsman-server-2.2.3-0.16.8.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsman1-2.2.3-0.16.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3816.html
CVE-2019-3816
https://bugzilla.suse.com/1122623
SUSE Bug 1122623

Описание

Openwsman, versions up to and including 2.6.9, are vulnerable to infinite loop in process_connection() when parsing specially crafted HTTP requests. A remote, unauthenticated attacker can exploit this vulnerability by sending malicious HTTP request to cause denial of service to openwsman server.

Затронутые продукты

SUSE Linux Enterprise Server 11 SP4:libwsman1-2.2.3-0.16.8.1

SUSE Linux Enterprise Server 11 SP4:openwsman-client-2.2.3-0.16.8.1

SUSE Linux Enterprise Server 11 SP4:openwsman-server-2.2.3-0.16.8.1

SUSE Linux Enterprise Server for SAP Applications 11 SP4:libwsman1-2.2.3-0.16.8.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-3833.html
CVE-2019-3833
https://bugzilla.suse.com/1122623
SUSE Bug 1122623

SUSE-SU-2019:13981-1

Описание

Список пакетов

SUSE Linux Enterprise Server 11 SP4

SUSE Linux Enterprise Server for SAP Applications 11 SP4

SUSE Linux Enterprise Software Development Kit 11 SP4

Ссылки

Уязвимость: CVE-2019-3816

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2019-3833

Описание

Затронутые продукты

Ссылки