الوصف:

أصدرت SUSE عدّة تحديثات لمعالجة عددًا من الثغرات في المنتجات التالية:

• mercurial
  • SUSE Linux Enterprise Module for Python2 15-SP1
• mariadb
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud 9
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4
  • SUSE Linux Enterprise Module for Server Applications 15-SP1
• fxawtv
  • SUSE Linux Enterprise Workstation Extension 12-SP5
  • SUSE Linux Enterprise Workstation Extension 12-SP4
• Linux Kernel
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud 8
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Linux Enterprise High Availability 12-SP3
  • SUSE Enterprise Storage 5
  • HPE Helion Openstack 8
  • SUSE Linux Enterprise Server 12-SP5
• php5
  • SUSE Linux Enterprise Software Development Kit 12-SP4
  • SUSE Linux Enterprise Module for Web Scripting 128
• libssh2_org
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
• libreoffice
  • SUSE Linux Enterprise Workstation Extension 12-SP5
  • SUSE Linux Enterprise Workstation Extension 12-SP4
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Software Development Kit 12-SP4
• curl
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud 7
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP2
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Linux Enterprise Server 12-SP2-LTSS
  • SUSE Linux Enterprise Server 12-SP2-BCL
  • SUSE Enterprise Storage 5
  • HPE Helion Openstack 8
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Software Development Kit 12-SP4
  • SUSE Linux Enterprise Server 12-SP4
  • SUSE Linux Enterprise Server 11-SP4-LTSS
  • SUSE Linux Enterprise Server 11-SECURITY
  • SUSE Linux Enterprise Point of Sale 11-SP3
  • SUSE Linux Enterprise Debuginfo 11-SP4
  • SUSE Linux Enterprise Debuginfo 11-SP3

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• حجب الخدمة (DoS).
• الكشف والإفصاح غير المصرح به للمعلومات.
• تنفيذ برمجيات خبيثة.

الإجراءات الوقائية:

يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت SUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2020/suse-su-20201709-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201710-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201711-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201712-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201713-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201714-1/
• https://www.suse.com/support/update/announcement/2019/suse-su-20192900-2/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201731-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201732-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201733-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201734-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201735-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014409-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201699-1/