الوصف:

أصدرت SUSE عدّة تحديثات لمعالجة عددًا من الثغرات في المنتجات التالية:

• SUSE Linux Enterprise Module for Web Scripting 12
  • nodejs10
  • php72
• SUSE Linux Enterprise Point of Sale 11-SP3
  • java-1_7_0-ibm
• SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
  • libsolv
  • libzypp
  • zypper
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • libsolv
  • libzypp
  • zypper
  • sudo
• SUSE Linux Enterprise Module for Development Tools 15-SP1
  • libsolv
  • libzypp
  • zypper
• SUSE Linux Enterprise Module for Basesystem 15-SP1
  • libsolv
  • libzypp
  • zypper
  • sudo
  • ipmitool
• SUSE Linux Enterprise Server 11-SP4-LTSS
  • java-1_7_1-ibm
• SUSE Linux Enterprise Module for HPC 12
  • pdsh
  • slurm
• SUSE Linux Enterprise Server for SAP 12-SP1
  • rsyslog
  • gcc9
  • sudo
• SUSE Linux Enterprise Server 12-SP1-LTSS
  • rsyslog
  • gcc9
  • sudo
• SUSE OpenStack Cloud Crowbar 9
  • dnsmasq
• SUSE OpenStack Cloud Crowbar 8
  • dnsmasq
  • wicked
  • sudo
  • dbus-1
  • gcc9
• SUSE OpenStack Cloud 9
  • dnsmasq
• SUSE OpenStack Cloud 8
  • dnsmasq
  • wicked
  • sudo
  • dbus-1
  • gcc9
• SUSE OpenStack Cloud 7
  • dnsmasq
  • wicked
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP5
  • dnsmasq
  • dpdk
  • ImageMagick
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP4
  • dnsmasq
  • ImageMagick
  • sudo
  • gcc9
• SUSE Linux Enterprise Desktop 12-SP4
  • dnsmasq
  • ImageMagick
  • sudo
• HPE Helion Openstack 8
  • dnsmasq
  • wicked
  • sudo
  • dbus-1
  • gcc9
• SUSE Linux Enterprise Workstation Extension 15-SP1
  • enigmail
• SUSE Linux Enterprise Software Development Kit 12-SP5
  • dpdk
  • ImageMagick
  • sudo
  • php72
  • fontforge
• SUSE Linux Enterprise Workstation Extension 12-SP5
  • ImageMagick
• SUSE Linux Enterprise Workstation Extension 12-SP4
  • ImageMagick
• SUSE Linux Enterprise Software Development Kit 12-SP4
  • ImageMagick
  • sudo
  • php72
  • fontforge
• SUSE Linux Enterprise Server for SAP 12-SP3
  • wicked
  • sudo
  • dbus-1
  • gcc9
• SUSE Linux Enterprise Server for SAP 12-SP2
  • wicked
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP3-LTSS
  • wicked
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP3-BCL
  • wicked
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP2-LTSS
  • wicked
  • sudo
  • gcc9
• SUSE Linux Enterprise Server 12-SP2-BCL
  • wicked
  • sudo
  • gcc9
• SUSE Enterprise Storage 5
  • wicked
  • sudo
  • dbus-1
  • gcc9
• SUSE CaaS Platform 3.0
  • wicked
  • sudo
• SUSE Linux Enterprise Server for SAP 15
  • sudo
• SUSE Linux Enterprise Server 15-LTSS
  • sudo
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  • sudo
• SUSE Linux Enterprise Module for Basesystem 15
  • sudo
• SUSE Linux Enterprise High Performance Computing 15-LTSS
  • sudo
• SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • sudo
• SUSE Linux Enterprise Module for Server Applications 15-SP1
  • ipmitool
• SUSE Linux Enterprise Module for Server Applications 15-SP1
  • gcc9

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• هجمة حجب الخدمة (DoS attack).
• ترقية ورفع الصلاحيات.
• تنفيذ برمجيات خبيثة.

الإجراءات الوقائية:

يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت SUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2020/suse-su-20200427-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014286-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200429-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200432-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-202014287-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200434-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200424-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200420-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200419-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200413-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200412-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200411-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200410-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200409-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200408-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200407-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200406-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200405-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20192820-2/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200397-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200394-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200393-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200390-1/