Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:0369-1

Опубликовано: 07 фев. 2020
Источник: suse-cvrf

Описание

Security update for wicked

This update for wicked fixes the following issues:

  • CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903).
  • CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904).
  • CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905).
  • CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906).

Список пакетов

SUSE Linux Enterprise Desktop 12 SP4
wicked-0.6.60-2.18.1
wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4
wicked-0.6.60-2.18.1
wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
wicked-0.6.60-2.18.1
wicked-service-0.6.60-2.18.1

Ссылки

Описание

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Desktop 12 SP4:wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-service-0.6.60-2.18.1
Ссылки

Описание

A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Desktop 12 SP4:wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-service-0.6.60-2.18.1
Ссылки

Описание

An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Desktop 12 SP4:wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-service-0.6.60-2.18.1
Ссылки

Описание

An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id.

Затронутые продукты
SUSE Linux Enterprise Desktop 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Desktop 12 SP4:wicked-service-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-0.6.60-2.18.1
SUSE Linux Enterprise Server 12 SP4:wicked-service-0.6.60-2.18.1
Ссылки