openSUSE-SU-2021:0907-1

Published: 24 Jun 2021
Source: suse-cvrf

Description

Security update for cryptctl

This update for cryptctl fixes the following issues:

Update to version 2.4:

  • CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226)
  • First step to use plain text password instead of hashed password.
  • Move repository into the SUSE github organization
  • In the RPC server, if the client comes from localhost, remember its IPv4 localhost address instead of its IPv6 address
  • Tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case
  • Avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.

Package list

openSUSE Leap 15.2
cryptctl-2.4-lp152.5.3.1

Description

An Improper Authentication vulnerability in cryptctl of SUSE Linux Enterprise Server for SAP 12-SP5 and SUSE Manager Server 4.0 allows attackers with access to the hashed password to use it without having to crack it. This issue affects: SUSE Linux Enterprise Server for SAP 12-SP5 cryptctl versions prior to 2.4; SUSE Manager Server 4.0 cryptctl versions prior to 2.4.
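
Why a client-side hash behaves like a clear-text password, shown as an added example that is a generic model and not cryptctl's code or protocol: the weak server stores whatever the client sends, while the hardened server derives a salted hash itself. The class names, the `admin` account, the PBKDF2 parameters and the sample password are assumptions made for this illustration.

```python
import hashlib
import hmac
import os

def client_side_hash(password: str) -> bytes:
    """Unsalted hash computed by the client before sending (the weak scheme)."""
    return hashlib.sha512(password.encode()).digest()

class WeakServer:
    """Stores and compares exactly what the client sends: the client-side hash."""
    def __init__(self):
        self.db = {}
    def enroll(self, user: str, sent: bytes) -> None:
        self.db[user] = sent
    def login(self, user: str, sent: bytes) -> bool:
        stored = self.db.get(user)
        return stored is not None and hmac.compare_digest(stored, sent)

class HardenedServer:
    """Receives the password itself and stores a salted, stretched hash of it."""
    ITERATIONS = 200_000  # assumed work factor for this example
    def __init__(self):
        self.db = {}
    def _derive(self, sent: bytes, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", sent, salt, self.ITERATIONS)
    def enroll(self, user: str, sent: bytes) -> None:
        salt = os.urandom(16)
        self.db[user] = (salt, self._derive(sent, salt))
    def login(self, user: str, sent: bytes) -> bool:
        record = self.db.get(user)
        if record is None:
            return False
        salt, stored = record
        return hmac.compare_digest(stored, self._derive(sent, salt))

def stored_value_authenticates(server, user: str) -> bool:
    """True if the value at rest in the server's database works as a credential."""
    record = server.db[user]
    at_rest = record if isinstance(record, bytes) else record[1]
    return server.login(user, at_rest)

def demo() -> dict:
    password = "constructed-passphrase"  # constructed sample value
    weak, hardened = WeakServer(), HardenedServer()
    weak.enroll("admin", client_side_hash(password))
    hardened.enroll("admin", password.encode())
    return {"weak": stored_value_authenticates(weak, "admin"),
            "hardened": stored_value_authenticates(hardened, "admin"),
            "hardened_real_login": hardened.login("admin", password.encode())}
```

In the hardened model the password must travel over an encrypted, authenticated channel, since the server now sees it directly.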


Affected products
openSUSE Leap 15.2:cryptctl-2.4-lp152.5.3.1
