Description
Security update for wicked
This update for wicked fixes the following issues:
- CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903).
- CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905).
Package list
Container caasp/v4/rsyslog:8.39.0
wicked-0.6.60-3.10.1
wicked-service-0.6.60-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1
wicked-0.6.60-3.10.1
wicked-service-0.6.60-3.10.1
References
- Link for SUSE-SU-2020:0264-1
- E-Mail link for SUSE-SU-2020:0264-1
- SUSE Security Ratings
- SUSE Bug 1160903
- SUSE Bug 1160905
- SUSE CVE CVE-2019-18902 page
- SUSE CVE CVE-2020-7216 page
Description
A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.
Affected products
Container caasp/v4/rsyslog:8.39.0:wicked-0.6.60-3.10.1
Container caasp/v4/rsyslog:8.39.0:wicked-service-0.6.60-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:wicked-0.6.60-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:wicked-service-0.6.60-3.10.1
References
- CVE-2019-18902
- SUSE Bug 1160903
Description
An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.
Affected products
Container caasp/v4/rsyslog:8.39.0:wicked-0.6.60-3.10.1
Container caasp/v4/rsyslog:8.39.0:wicked-service-0.6.60-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:wicked-0.6.60-3.10.1
SUSE Linux Enterprise Module for Basesystem 15 SP1:wicked-service-0.6.60-3.10.1
References
- CVE-2020-7216
- SUSE Bug 1160905