Описание
Security update for supportutils
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords from supportconfig archive (bsc#1207598).
Bug fixes:
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Changed _sanitize_file to include lio_setup.sh (bsc#1206350)
Список пакетов
Image SLES12-SP5-Azure-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-Basic-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-HPC-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-HPC-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-SAP-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-SAP-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-Standard-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-EC2-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-EC2-ECS-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-EC2-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-EC2-SAP-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-EC2-SAP-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-GCE-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-GCE-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-GCE-SAP-BYOS
supportutils-3.0.11-95.54.1
Image SLES12-SP5-GCE-SAP-On-Demand
supportutils-3.0.11-95.54.1
Image SLES12-SP5-SAP-Azure-LI-BYOS-Production
supportutils-3.0.11-95.54.1
Image SLES12-SP5-SAP-Azure-VLI-BYOS-Production
supportutils-3.0.11-95.54.1
SUSE Linux Enterprise Server 12 SP5
supportutils-3.0.11-95.54.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
supportutils-3.0.11-95.54.1
Ссылки
- Link for SUSE-SU-2023:2465-1
- E-Mail link for SUSE-SU-2023:2465-1
- SUSE Security Ratings
- SUSE Bug 1196933
- SUSE Bug 1206350
- SUSE Bug 1206608
- SUSE Bug 1207598
- SUSE CVE CVE-2022-45154 page
Описание
A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.
Затронутые продукты
Image SLES12-SP5-Azure-BYOS:supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-Basic-On-Demand:supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-HPC-BYOS:supportutils-3.0.11-95.54.1
Image SLES12-SP5-Azure-HPC-On-Demand:supportutils-3.0.11-95.54.1
Ссылки
- CVE-2022-45154
- SUSE Bug 1207598