تحديثات SUSE
3171تاريخ التحذير
مستوى الخطورة
رقم التحذير
القطاع المستهدف
26 فبراير, 2020
● عالي
2020-965
الكل
الوصف:
أصدرت SUSE عدّة تحديثات لمعالجة عددًا من الثغرات في المنتجات التالية:
- SUSE Linux Enterprise Server for SAP 15
- nodejs8, nodejs10
- java-1_8_0-ibm
- webkit2gtk3
- SUSE Linux Enterprise Server 15-LTSS
- nodejs8, nodejs10
- java-1_8_0-ibm
- webkit2gtk3
- SUSE Linux Enterprise Module for Web Scripting 15-SP1
- nodejs8, nodejs10
- SUSE Linux Enterprise Module for Web Scripting 15
- nodejs8, nodejs10
- SUSE Linux Enterprise High Performance Computing 15-LTSS
- nodejs8, nodejs10
- webkit2gtk3
- SUSE Linux Enterprise High Performance Computing 15-ESPOS
- nodejs8, nodejs10
- webkit2gtk3
- SUSE OpenStack Cloud Crowbar 8
- java-1_7_1-ibm
- libexif
- openssl
- SUSE OpenStack Cloud 8
- java-1_7_1-ibm
- libexif
- openssl
- SUSE OpenStack Cloud 7
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Software Development Kit 12-SP5
- java-1_7_1-ibm
- libexif
- libvpx
- SUSE Linux Enterprise Software Development Kit 12-SP4
- java-1_7_1-ibm
- libexif
- libvpx
- SUSE Linux Enterprise Server for SAP 12-SP3
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server for SAP 12-SP2
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server for SAP 12-SP1
- java-1_7_1-ibm
- libexif
- SUSE Linux Enterprise Server 12-SP5
- java-1_7_1-ibm
- libexif
- libvpx
- SUSE Linux Enterprise Server 12-SP4
- java-1_7_1-ibm
- libexif
- libvpx
- SUSE Linux Enterprise Server 12-SP3-LTSS
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server 12-SP3-BCL
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server 12-SP2-LTSS
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server 12-SP2-BCL
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Server 12-SP1-LTSS
- java-1_7_1-ibm
- libexif
- SUSE Enterprise Storage 5
- java-1_7_1-ibm
- libexif
- openssl
- HPE Helion Openstack 8
- java-1_7_1-ibm
- libexif
- openssl
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
- Libexif
- java-1_8_0-ibm
- python3
- webkit2gtk3
- SUSE Linux Enterprise Module for Desktop Applications 15-SP1
- Libexif
- webkit2gtk3
- SUSE Linux Enterprise Module for Desktop Applications 15
- Libexif
- webkit2gtk
- SUSE Linux Enterprise Workstation Extension 12-SP5
- libvpx
- SUSE Linux Enterprise Workstation Extension 12-SP4
- libvpx
- SUSE Linux Enterprise Module for Legacy Software 15-SP1
- java-1_8_0-ibm
- SUSE Linux Enterprise Module for Legacy Software 15
- java-1_8_0-ibm
- SUSE Linux Enterprise Module for Development Tools 15-SP1
- python3
- SUSE Linux Enterprise Module for Basesystem 15-SP1
- python3
- webkit2gtk3
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
- webkit2gtk3
- SUSE Linux Enterprise Module for Basesystem 15
- webkit2gtk3
- SUSE Linux Enterprise Server 11-SP4-LTSS
- ppp
- SUSE Linux Enterprise Point of Sale 11-SP3
- ppp
- SUSE Linux Enterprise Debuginfo 11-SP4
- ppp
- SUSE Linux Enterprise Debuginfo 11-SP3
- Ppp
- SUSE CaaS Platform 3.0
- openssl
التهديدات:
يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:
- تجاوز سعة مخزن الذاكرة المؤقت.
- أعطال بالذاكرة.
- هجمة حجب الخدمة (DoS).
- تنفيذ برمجيات خبيثة.
الإجراءات الوقائية:
يوصي المركز بتحديث المنتجات المتأثرة، حيث أصدرت SUSE توضيحًا لهذه التحديثات:
- https://www.suse.com/support/update/announcement/2020/suse-su-20200454-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200455-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200456-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200457-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200459-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200466-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200467-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200468-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-202014292-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200474-1/