الوصف:

أصدرت SUSE عدّة تحديثات لمعالجة ثغرة في المنتجات التالية:

• tomcat
  • SUSE Linux Enterprise Module for Web Scripting 15-SP1
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud 9
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Module for Web Scripting 15-SP2
• SUSE Manager Client Tools
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud 8
  • SUSE Manager Tools 12
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Enterprise Storage 5
  • HPE Helion Openstack 8
  • SUSE Manager Tools 15
  • SUSE Manager Ubuntu 16.04-CLIENT-TOOLS
  • SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
  • SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
• Salt
  • SUSE Manager Tools 12
  • SUSE Manager Server 3.2
  • SUSE Manager Proxy 3.2
  • SUSE Linux Enterprise Point of Sale 12-SP2
  • SUSE Linux Enterprise Module for Advanced Systems Management 12
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise Module for Server Applications 15-SP1
  • SUSE Linux Enterprise Module for Python2 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
• openexr
  • SUSE Linux Enterprise Workstation Extension 12-SP5
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server 12-SP5

التهديدات:

يمكن للمهاجم استغلال الثغرة وتنفيذ مايلي:

• رفع الصلاحيات لزيادة قدرته على التعديل في النظام
• تجاوز سعة مخزن الذاكرة المؤقت
• تجاوز المصادقات

الإجراءات الوقائية:

يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت SUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2020/suse-su-20201962-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201963-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201970-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201971-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201972-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201973-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201974-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014429-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014430-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014431-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201983-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201984-1/