الوصف:

أصدرت SUSE عدة تحديثات لمعالجة عدد من الثغرات في المنتجات التالية:

• go1.15
  • SUSE Linux Enterprise Module for Development Tools 15-SP2
  • SUSE Linux Enterprise Module for Development Tools 15-SP1
• python-pip
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Module for Python2 15-SP2
  • SUSE Linux Enterprise Module for Python2 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
• Pdns
  • SUSE OpenStack Cloud 9
• xen
  • HPE Helion Openstack 8
  • SUSE Enterprise Storage 5
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise Module for Server Applications 15-SP1
  • SUSE Linux Enterprise Module for Server Applications 15-SP2
  • SUSE Linux Enterprise Server 12-SP3-BCL
  • SUSE Linux Enterprise Server 12-SP3-LTSS
  • SUSE Linux Enterprise Server 12-SP4-LTSS
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server for SAP 12-SP3
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE OpenStack Cloud 8
  • SUSE OpenStack Cloud 9
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud Crowbar 9
• bcm43xx-firmware
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
• nodejs8
  • SUSE Linux Enterprise Module for Web Scripting 15-SP2
• tar
  • SUSE Linux Enterprise Server 12-SP5
• aspell
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server 12-SP5

التهديدات:

يمكن للمهاجم استغلال الثغرات وتنفيذ ما يلي:

• هجمة حجب الخدمة (DoS attack)
• الكشف والإفصاح غير المصرح به للمعلومات
• هجمة البرمجة عبر المواقع Cross-site scripting (XSS)
• أعطال في الذاكرة

الإجراءات الوقائية:

يوصي المركز بتحديث النسخ المتأثرة حيث أصدرتSUSE توضيحًا لهذه التحديثات:

• https://www.suse.com/support/update/announcement/2020/suse-su-20202776-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202784-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202785-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202786-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202787-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202788-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202789-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202790-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202791-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202792-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202800-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202806-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202807-1/