الوصف:

أصدرت SUSE عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:

• samba
  • SUSE Linux Enterprise Module for Python2 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise High Availability 15-SP1
  • SUSE Enterprise Storage 6
• java-1_8_0-openjdk
  • SUSE Linux Enterprise Module for Legacy Software 15-SP2
• xen
  • SUSE Linux Enterprise Module for Server Applications 15-SP2
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud 9
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server 12-SP4-LTSS
• MozillaThunderbird
  • SUSE Linux Enterprise Workstation Extension 15-SP2
  • SUSE Linux Enterprise Workstation Extension 15-SP1
• MozillaFirefox
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud 7
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP2
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Linux Enterprise Server 12-SP2-LTSS
  • SUSE Linux Enterprise Server 12-SP2-BCL
  • SUSE Enterprise Storage 5
  • HPE Helion Openstack 8
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP2
  • SUSE Linux Enterprise Module for Desktop Applications 15-SP1
• graphviz
  • SUSE Linux Enterprise Module for Server Applications 15-SP2
  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
  • SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
  • SUSE Linux Enterprise Module for Development Tools 15-SP2
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise High Availability 15-SP2

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• هجمة حجب الخدمة (DoS attack)
• تعديل غير مصرح به
• الكشف والإفصاح غير المصرح به للمعلومات

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرت SUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2020/suse-su-20201891-1/
• https://www.suse.com/support/update/announcement/2019/suse-su-20191267-3/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201898-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201899-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201900-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201902-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201569-2/
• https://www.suse.com/support/update/announcement/2020/suse-su-20201913-1/