SUSE-SU-2024:2040-1

Опубликовано: 17 июн. 2024

Источник: suse-cvrf

Описание

Security update for booth

This update for booth fixes the following issues:

CVE-2024-3049: Fixed a vulnerability where a specially crafted hash can lead to invalid HMAC being accepted by Booth server. (bsc#1226032)

Список пакетов

SUSE Linux Enterprise High Availability Extension 15 SP6

booth-1.1+git0.09b0074-150600.3.3.1

openSUSE Leap 15.6

booth-1.1+git0.09b0074-150600.3.3.1

booth-test-1.1+git0.09b0074-150600.3.3.1

Ссылки

https://www.suse.com/support/update/announcement/2024/suse-su-20242040-1/
Link for SUSE-SU-2024:2040-1
https://lists.suse.com/pipermail/sle-updates/2024-June/035599.html
E-Mail link for SUSE-SU-2024:2040-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1226032
SUSE Bug 1226032
https://www.suse.com/security/cve/CVE-2024-3049/
SUSE CVE CVE-2024-3049 page

Описание

A flaw was found in Booth, a cluster ticket manager. If a specially-crafted hash is passed to gcry_md_get_algo_dlen(), it may allow an invalid HMAC to be accepted by the Booth server.

Затронутые продукты

SUSE Linux Enterprise High Availability Extension 15 SP6:booth-1.1+git0.09b0074-150600.3.3.1

openSUSE Leap 15.6:booth-1.1+git0.09b0074-150600.3.3.1

openSUSE Leap 15.6:booth-test-1.1+git0.09b0074-150600.3.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2024-3049.html
CVE-2024-3049
https://bugzilla.suse.com/1226032
SUSE Bug 1226032

SUSE-SU-2024:2040-1

Описание

Список пакетов

SUSE Linux Enterprise High Availability Extension 15 SP6

openSUSE Leap 15.6

Ссылки

Уязвимость: CVE-2024-3049

Описание

Затронутые продукты

Ссылки