الوصف:

أصدرت SUSE عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:

• python
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Module Python3 15-SP4
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  • SUSE Linux Enterprise Module for Python2 15-SP3
  • SUSE Linux Enterprise Realtime Extension 15-SP2
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.2
• yaml-cpp
  • SUSE Linux Enterprise Desktop 15-SP2
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-SP2
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Installer 15-SP2
  • SUSE Linux Enterprise Micro 5.0
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  • SUSE Linux Enterprise Realtime Extension 15-SP2
  • SUSE Linux Enterprise Server 15-SP2
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Linux Enterprise Storage 7
  • SUSE Manager Proxy 4.1
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.1
  • SUSE Manager Server 4.2
  • SUSE Linux Enterprise Desktop 12-SP5
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server for SAP Applications 12-SP5
  • SUSE Linux Enterprise Workstation Extension 12-SP5
• expat
  • SUSE Linux Enterprise Debuginfo 11-SP3
  • SUSE Linux Enterprise Debuginfo 11-SP4
  • SUSE Linux Enterprise Point of Sale 11-SP3
  • SUSE Linux Enterprise Server 11-SP4-LTSS
• kernel-firmware
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Micro 5.1
  • SUSE Linux Enterprise Module for Basesystem 15-SP3
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.2
• python2-numpy
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise Module for HPC 15-SP3
  • SUSE Linux Enterprise Module for Python2 15-SP3
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Manager Proxy 4.2
  • SUSE Manager Server 4.2

يمكن للمهاجم استغلال هذه الثغرات وتنفيذ ما يلي:

• رفع الصلاحيات لزيادة قدرته على التعديل في النظام
• هجمة حجب الخدمة (DoS attack)

الاجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتSUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2022/suse-su-20221091-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221073-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221072-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-202214934-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221065-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221064-1/