Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2023:0586-1

Опубликовано: 01 мар. 2023
Источник: suse-cvrf

Описание

Security update for nrpe

This update for nrpe fixes the following issues:

  • CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906).

Список пакетов

SUSE Linux Enterprise Server 12 SP2-BCL
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP4-ESPOS
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP4-LTSS
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP5
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP4
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE OpenStack Cloud 9
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1
SUSE OpenStack Cloud Crowbar 9
monitoring-plugins-nrpe-2.15-6.3.1
nrpe-2.15-6.3.1

Ссылки

Описание

The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue.

Затронутые продукты
SUSE Linux Enterprise Server 12 SP2-BCL:monitoring-plugins-nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP2-BCL:nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP4-ESPOS:monitoring-plugins-nrpe-2.15-6.3.1
SUSE Linux Enterprise Server 12 SP4-ESPOS:nrpe-2.15-6.3.1
Ссылки