SUSE-SU-2022:4265-1

Опубликовано: 29 нояб. 2022

Источник: suse-cvrf

Описание

Security update for nginx

This update for nginx fixes the following issues:

CVE-2021-3618: Fixed the ALPACA attack limiting the number of errors after which the connection is closed (bsc#1187685).

Список пакетов

SUSE Enterprise Storage 7

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise Server 15 SP2-BCL

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise Server 15 SP2-LTSS

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Manager Proxy 4.1

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Manager Retail Branch Server 4.1

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

SUSE Manager Server 4.1

nginx-1.16.1-150200.3.9.1

nginx-source-1.16.1-150200.3.9.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20224265-1/
Link for SUSE-SU-2022:4265-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/013138.html
E-Mail link for SUSE-SU-2022:4265-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1187685
SUSE Bug 1187685
https://www.suse.com/security/cve/CVE-2021-3618/
SUSE CVE CVE-2021-3618 page

Описание

ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.

Затронутые продукты

SUSE Enterprise Storage 7:nginx-1.16.1-150200.3.9.1

SUSE Enterprise Storage 7:nginx-source-1.16.1-150200.3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nginx-1.16.1-150200.3.9.1

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nginx-source-1.16.1-150200.3.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-3618.html
CVE-2021-3618
https://bugzilla.suse.com/1187678
SUSE Bug 1187678

SUSE-SU-2022:4265-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP2-BCL

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Manager Proxy 4.1

SUSE Manager Retail Branch Server 4.1

SUSE Manager Server 4.1

Ссылки

Уязвимость: CVE-2021-3618

Описание

Затронутые продукты

Ссылки