Описание
Security update for cronie
This update for cronie fixes the following issues:
Security issues fixed:
- CVE-2019-9704: Fixed an insufficient check in the return value of calloc which could allow a local user to create Denial of Service by crashing the daemon (bsc#1128937).
- CVE-2019-9705: Fixed an implementation vulnerability which could allow a local user to exhaust the memory resulting in Denial of Service (bsc#1128935).
Bug fixes:
- Manual start of cron is possible even when it's already started using systemd (bsc#1133100).
- Cron schedules only one job of crontab (bsc#1130746).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
cron-4.2-lp151.4.3.1
cronie-1.5.1-lp151.4.3.1
cronie-anacron-1.5.1-lp151.4.3.1
openSUSE Leap 15.1
cron-4.2-lp151.4.3.1
cronie-1.5.1-lp151.4.3.1
cronie-anacron-1.5.1-lp151.4.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1520-1
- SUSE Security Ratings
- SUSE Bug 1128935
- SUSE Bug 1128937
- SUSE Bug 1130746
- SUSE Bug 1133100
- SUSE CVE CVE-2019-9704 page
- SUSE CVE CVE-2019-9705 page
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (daemon crash) via a large crontab file because the calloc return value is not checked.
Затронутые продукты
openSUSE Leap 15.0:cron-4.2-lp151.4.3.1
openSUSE Leap 15.0:cronie-1.5.1-lp151.4.3.1
openSUSE Leap 15.0:cronie-anacron-1.5.1-lp151.4.3.1
openSUSE Leap 15.1:cron-4.2-lp151.4.3.1
Ссылки
- CVE-2019-9704
- SUSE Bug 1128937
- SUSE Bug 1187508
Описание
Vixie Cron before the 3.0pl1-133 Debian package allows local users to cause a denial of service (memory consumption) via a large crontab file because an unlimited number of lines is accepted.
Затронутые продукты
openSUSE Leap 15.0:cron-4.2-lp151.4.3.1
openSUSE Leap 15.0:cronie-1.5.1-lp151.4.3.1
openSUSE Leap 15.0:cronie-anacron-1.5.1-lp151.4.3.1
openSUSE Leap 15.1:cron-4.2-lp151.4.3.1
Ссылки
- CVE-2019-9705
- SUSE Bug 1128935
- SUSE Bug 1187508