الوصف:

أصدرت SUSE عدّة تحديثات لمعالجة عددٍ من الثغرات في المنتجات التالية:

• 389-ds
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise Server 15-LTSS
• libsolv, libzypp, zypper
  • SUSE CaaS Platform 4.0
  • SUSE Enterprise Storage 6
  • SUSE Linux Enterprise Desktop 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
  • SUSE Linux Enterprise Installer 15-SP1
  • SUSE Linux Enterprise Server 15-SP1
  • SUSE Linux Enterprise Server 15-SP1-BCL
  • SUSE Linux Enterprise Server 15-SP1-LTSS
  • SUSE Linux Enterprise Server for SAP 15-SP1
  • SUSE Linux Enterprise Server for SAP Applications 15-SP1
  • SUSE Linux Enterprise Storage 6
  • SUSE Manager Proxy 4.0
  • SUSE Manager Server 4.0
  • SUSE Linux Enterprise Desktop 15
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise Installer 15
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server for SAP Applications 15
• libsolv, libzypp
  • SUSE Linux Enterprise Server 12-SP2-BCL
• openjpeg2
  • HPE Helion Openstack 8
  • SUSE Linux Enterprise Server 12-SP2-BCL
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud Crowbar 9
• MozillaFirefox
  • SUSE Enterprise Storage 7
  • SUSE Linux Enterprise Desktop 15-SP3
  • SUSE Linux Enterprise Desktop 15-SP4
  • SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-SP3
  • SUSE Linux Enterprise High Performance Computing 15-SP4
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP3
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP4
  • SUSE Linux Enterprise Realtime Extension 15-SP2
  • SUSE Linux Enterprise Server 15-SP2-BCL
  • SUSE Linux Enterprise Server 15-SP2-LTSS
  • SUSE Linux Enterprise Server 15-SP3
  • SUSE Linux Enterprise Server 15-SP4
  • SUSE Linux Enterprise Server for SAP 15-SP2
  • SUSE Linux Enterprise Server for SAP Applications 15-SP3
  • SUSE Linux Enterprise Server for SAP Applications 15-SP4
  • SUSE Manager Proxy 4.1
  • SUSE Manager Proxy 4.2
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Server 4.1
  • SUSE Manager Server 4.2

التهديدات:

يمكن للمهاجم استغلال هذه الثغرات من خلال التالي:

• تجاوز سعة مخزن الذاكرة المؤقت
• هجمة حجب الخدمة (DoS attack)

الاجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتSUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2022/suse-su-20221139-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221131-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221130-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221128-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221129-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20221127-1/