Description
Security update for cockpit
This update for cockpit fixes the following issues:
- new version 320:
  - pam-ssh-add: Fix insecure killing of session ssh-agent (boo#1226040, CVE-2024-6126)
- changes in older versions:
  - Storage: Btrfs snapshots
  - Podman: Add image pull action
  - Files: Bookmark support
  - webserver: System user changes
  - Metrics: Grafana setup now prefers Valkey
- Invalid json against the storaged manifest boo#1227299
Package list
SUSE Package Hub 15 SP6
cockpit-320-bp156.2.6.3
cockpit-bridge-320-bp156.2.6.3
cockpit-devel-320-bp156.2.6.3
cockpit-doc-320-bp156.2.6.3
cockpit-kdump-320-bp156.2.6.3
cockpit-networkmanager-320-bp156.2.6.3
cockpit-packagekit-320-bp156.2.6.3
cockpit-pcp-320-bp156.2.6.3
cockpit-selinux-320-bp156.2.6.3
cockpit-storaged-320-bp156.2.6.3
cockpit-system-320-bp156.2.6.3
cockpit-ws-320-bp156.2.6.3
openSUSE Leap 15.6
cockpit-320-bp156.2.6.3
cockpit-bridge-320-bp156.2.6.3
cockpit-devel-320-bp156.2.6.3
cockpit-doc-320-bp156.2.6.3
cockpit-kdump-320-bp156.2.6.3
cockpit-networkmanager-320-bp156.2.6.3
cockpit-packagekit-320-bp156.2.6.3
cockpit-pcp-320-bp156.2.6.3
cockpit-selinux-320-bp156.2.6.3
cockpit-storaged-320-bp156.2.6.3
cockpit-system-320-bp156.2.6.3
cockpit-ws-320-bp156.2.6.3
References
- E-Mail link for openSUSE-SU-2024:0206-1
- SUSE Security Ratings
- SUSE Bug 1226040
- SUSE Bug 1227299
- SUSE CVE CVE-2024-6126 page
Description
A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when pam_env's user_readenv option is enabled, which leads to a denial of service (DoS).
Affected products
SUSE Package Hub 15 SP6:cockpit-320-bp156.2.6.3
SUSE Package Hub 15 SP6:cockpit-bridge-320-bp156.2.6.3
SUSE Package Hub 15 SP6:cockpit-devel-320-bp156.2.6.3
SUSE Package Hub 15 SP6:cockpit-doc-320-bp156.2.6.3
References
- CVE-2024-6126
- SUSE Bug 1226040