Описание
Security update for cronie
This update for cronie fixes the following issues:
Security issues fixed:
- CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the deamon (bsc#1128937).
- CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935).
Bug fixes:
- Manual start of cron is possible even when it's already started using systemd (bsc#1133100).
- Cron schedules only one job of crontab (bsc#1130746).
Список пакетов
Image SLES12-SP5-Azure-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-Basic-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-HPC-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-HPC-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-SAP-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-SAP-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-Standard-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-EC2-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-EC2-ECS-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-EC2-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-EC2-SAP-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-EC2-SAP-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-GCE-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-GCE-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-GCE-SAP-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-GCE-SAP-On-Demand
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-OCI-BYOS-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-OCI-BYOS-SAP-BYOS
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
SUSE Linux Enterprise Desktop 12 SP4
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
SUSE Linux Enterprise Server 12 SP4
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
cron-4.2-59.10.1
cronie-1.4.11-59.10.1
Ссылки
- Link for SUSE-SU-2019:1990-1
- E-Mail link for SUSE-SU-2019:1990-1
- SUSE Security Ratings
- SUSE Bug 1128935
- SUSE Bug 1128937
- SUSE Bug 1130746
- SUSE Bug 1133100
- SUSE CVE CVE-2019-9704 page
- SUSE CVE CVE-2019-9705 page
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:cron-4.2-59.10.1
Image SLES12-SP5-Azure-BYOS:cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:cron-4.2-59.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:cronie-1.4.11-59.10.1
Ссылки
- CVE-2019-9704
- SUSE Bug 1128937
- SUSE Bug 1187508
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:cron-4.2-59.10.1
Image SLES12-SP5-Azure-BYOS:cronie-1.4.11-59.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:cron-4.2-59.10.1
Image SLES12-SP5-Azure-Basic-On-Demand:cronie-1.4.11-59.10.1
Ссылки
- CVE-2019-9705
- SUSE Bug 1128935
- SUSE Bug 1187508