SUSE-SU-2023:2608-1

Опубликовано: 22 июн. 2023

Источник: suse-cvrf

Описание

Security update for ntp

This update for ntp fixes the following issues:

CVE-2023-26555: Fixed assertion failure on malformed RT-11 dates (bsc#1210390).

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP4-SAP-Azure-LI-BYOS

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP5-SAP-Azure-LI-BYOS

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS

ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

ntp-4.2.8p17-150000.4.25.1

SUSE Linux Enterprise Module for Legacy 15 SP4

ntp-4.2.8p17-150000.4.25.1

SUSE Linux Enterprise Module for Legacy 15 SP5

ntp-4.2.8p17-150000.4.25.1

openSUSE Leap 15.4

ntp-4.2.8p17-150000.4.25.1

ntp-doc-4.2.8p17-150000.4.25.1

openSUSE Leap 15.5

ntp-4.2.8p17-150000.4.25.1

ntp-doc-4.2.8p17-150000.4.25.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20232608-1/
Link for SUSE-SU-2023:2608-1
https://lists.suse.com/pipermail/sle-updates/2023-June/029993.html
E-Mail link for SUSE-SU-2023:2608-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1210390
SUSE Bug 1210390
https://www.suse.com/security/cve/CVE-2023-26555/
SUSE CVE CVE-2023-26555 page

Описание

praecis_parse in ntpd/refclock_palisade.c in NTP 4.2.8p15 has an out-of-bounds write. Any attack method would be complex, e.g., with a manipulated GPS receiver.

Затронутые продукты

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production:ntp-4.2.8p17-150000.4.25.1

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production:ntp-4.2.8p17-150000.4.25.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-26555.html
CVE-2023-26555
https://bugzilla.suse.com/1210390
SUSE Bug 1210390

SUSE-SU-2023:2608-1

Описание

Список пакетов

Image SLES15-SP1-SAP-Azure-LI-BYOS-Production

Image SLES15-SP1-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP2-SAP-Azure-LI-BYOS-Production

Image SLES15-SP2-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP3-SAP-Azure-LI-BYOS-Production

Image SLES15-SP3-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP4-SAP-Azure-LI-BYOS

Image SLES15-SP4-SAP-Azure-LI-BYOS-Production

Image SLES15-SP4-SAP-Azure-VLI-BYOS

Image SLES15-SP4-SAP-Azure-VLI-BYOS-Production

Image SLES15-SP5-SAP-Azure-LI-BYOS

Image SLES15-SP5-SAP-Azure-LI-BYOS-Production

Image SLES15-SP5-SAP-Azure-VLI-BYOS

Image SLES15-SP5-SAP-Azure-VLI-BYOS-Production

SUSE Linux Enterprise Module for Legacy 15 SP4

SUSE Linux Enterprise Module for Legacy 15 SP5

openSUSE Leap 15.4

openSUSE Leap 15.5

Ссылки

Уязвимость: CVE-2023-26555

Описание

Затронутые продукты

Ссылки