openSUSE-SU-2022:10187-1

Опубликовано: 02 нояб. 2022

Источник: suse-cvrf

Описание

Security update for EternalTerminal

This update for EternalTerminal fixes the following issues:

Update to 6.2.1:

CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435)
CVE-2022-24950: Fixed privilege escalation to root (boo#1202434)
CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433)
CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432)

Список пакетов

SUSE Package Hub 15 SP3

EternalTerminal-6.2.1-bp153.2.3.1

openSUSE Leap 15.3

EternalTerminal-6.2.1-bp153.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JH3ZAC25EJQ7SSVMLKBZFLS6IEAXTLZ2/
E-Mail link for openSUSE-SU-2022:10187-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1202432
SUSE Bug 1202432
https://bugzilla.suse.com/1202433
SUSE Bug 1202433
https://bugzilla.suse.com/1202434
SUSE Bug 1202434
https://bugzilla.suse.com/1202435
SUSE Bug 1202435
https://www.suse.com/security/cve/CVE-2022-24949/
SUSE CVE CVE-2022-24949 page
https://www.suse.com/security/cve/CVE-2022-24950/
SUSE CVE CVE-2022-24950 page
https://www.suse.com/security/cve/CVE-2022-24951/
SUSE CVE CVE-2022-24951 page
https://www.suse.com/security/cve/CVE-2022-24952/
SUSE CVE CVE-2022-24952 page

Описание

A privilege escalation to root exists in Eternal Terminal prior to version 6.2.0. This is due to the combination of a race condition, buffer overflow, and logic bug all in PipeSocketHandler::listen().

Затронутые продукты

SUSE Package Hub 15 SP3:EternalTerminal-6.2.1-bp153.2.3.1

openSUSE Leap 15.3:EternalTerminal-6.2.1-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24949.html
CVE-2022-24949
https://bugzilla.suse.com/1202435
SUSE Bug 1202435

Описание

A race condition exists in Eternal Terminal prior to version 6.2.0 that allows an authenticated attacker to hijack other users' SSH authorization socket, enabling the attacker to login to other systems as the targeted users. The bug is in UserTerminalRouter::getInfoForId().

Затронутые продукты

SUSE Package Hub 15 SP3:EternalTerminal-6.2.1-bp153.2.3.1

openSUSE Leap 15.3:EternalTerminal-6.2.1-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24950.html
CVE-2022-24950
https://bugzilla.suse.com/1202434
SUSE Bug 1202434

Описание

A race condition exists in Eternal Terminal prior to version 6.2.0 which allows a local attacker to hijack Eternal Terminal's IPC socket, enabling access to Eternal Terminal clients which attempt to connect in the future.

Затронутые продукты

SUSE Package Hub 15 SP3:EternalTerminal-6.2.1-bp153.2.3.1

openSUSE Leap 15.3:EternalTerminal-6.2.1-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24951.html
CVE-2022-24951
https://bugzilla.suse.com/1202433
SUSE Bug 1202433

Описание

Several denial of service vulnerabilities exist in Eternal Terminal prior to version 6.2.0, including a DoS triggered remotely by an invalid sequence number and a local bug triggered by invalid input sent directly to the IPC socket.

Затронутые продукты

SUSE Package Hub 15 SP3:EternalTerminal-6.2.1-bp153.2.3.1

openSUSE Leap 15.3:EternalTerminal-6.2.1-bp153.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-24952.html
CVE-2022-24952
https://bugzilla.suse.com/1202432
SUSE Bug 1202432

openSUSE-SU-2022:10187-1

Описание

Список пакетов

SUSE Package Hub 15 SP3

openSUSE Leap 15.3

Ссылки

Уязвимость: CVE-2022-24949

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-24950

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-24951

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-24952

Описание

Затронутые продукты

Ссылки