SUSE Updates
3280Warning Date
Severity Level
Warning Number
Target Sector
23 February, 2020
● High
2020-942
All
Description:
SUSE has released security updates to address multiple vulnerabilities in the following products:
- SUSE Linux Enterprise Module for Web Scripting 12
- nodejs10
- php72
- SUSE Linux Enterprise Point of Sale 11-SP3
- java-1_7_0-ibm
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP1
- libsolv
- libzypp
- zypper
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
- libsolv
- libzypp
- zypper
- sudo
- SUSE Linux Enterprise Module for Development Tools 15-SP1
- libsolv
- libzypp
- zypper
- SUSE Linux Enterprise Module for Basesystem 15-SP1
- libsolv
- libzypp
- zypper
- sudo
- ipmitool
- SUSE Linux Enterprise Server 11-SP4-LTSS
- java-1_7_1-ibm
- SUSE Linux Enterprise Module for HPC 12
- pdsh
- slurm
- SUSE Linux Enterprise Server for SAP 12-SP1
- rsyslog
- gcc9
- sudo
- SUSE Linux Enterprise Server 12-SP1-LTSS
- rsyslog
- gcc9
- sudo
- SUSE OpenStack Cloud Crowbar 9
- dnsmasq
- SUSE OpenStack Cloud Crowbar 8
- dnsmasq
- wicked
- sudo
- dbus-1
- gcc9
- SUSE OpenStack Cloud 9
- dnsmasq
- SUSE OpenStack Cloud 8
- dnsmasq
- wicked
- sudo
- dbus-1
- gcc9
- SUSE OpenStack Cloud 7
- dnsmasq
- wicked
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP5
- dnsmasq
- dpdk
- ImageMagick
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP4
- dnsmasq
- ImageMagick
- sudo
- gcc9
- SUSE Linux Enterprise Desktop 12-SP4
- dnsmasq
- ImageMagick
- sudo
- HPE Helion Openstack 8
- dnsmasq
- wicked
- sudo
- dbus-1
- gcc9
- SUSE Linux Enterprise Workstation Extension 15-SP1
- enigmail
- SUSE Linux Enterprise Software Development Kit 12-SP5
- dpdk
- ImageMagick
- sudo
- php72
- fontforge
- SUSE Linux Enterprise Workstation Extension 12-SP5
- ImageMagick
- SUSE Linux Enterprise Workstation Extension 12-SP4
- ImageMagick
- SUSE Linux Enterprise Software Development Kit 12-SP4
- ImageMagick
- sudo
- php72
- fontforge
- SUSE Linux Enterprise Server for SAP 12-SP3
- wicked
- sudo
- dbus-1
- gcc9
- SUSE Linux Enterprise Server for SAP 12-SP2
- wicked
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP3-LTSS
- wicked
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP3-BCL
- wicked
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP2-LTSS
- wicked
- sudo
- gcc9
- SUSE Linux Enterprise Server 12-SP2-BCL
- wicked
- sudo
- gcc9
- SUSE Enterprise Storage 5
- wicked
- sudo
- dbus-1
- gcc9
- SUSE CaaS Platform 3.0
- wicked
- sudo
- SUSE Linux Enterprise Server for SAP 15
- sudo
- SUSE Linux Enterprise Server 15-LTSS
- sudo
- SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
- sudo
- SUSE Linux Enterprise Module for Basesystem 15
- sudo
- SUSE Linux Enterprise High Performance Computing 15-LTSS
- sudo
- SUSE Linux Enterprise High Performance Computing 15-ESPOS
- sudo
- SUSE Linux Enterprise Module for Server Applications 15-SP1
- ipmitool
- SUSE Linux Enterprise Module for Server Applications 15-SP1
- gcc9
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Denial of service attack (DoS).
- Privilege escalation.
- Execute arbitrary code.
Best practice and Recommendations:
The CERT team encourages users to review SUSE security advisory and apply the necessary Updates:
- https://www.suse.com/support/update/announcement/2020/suse-su-20200427-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-202014286-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200429-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200432-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-202014287-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200434-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200424-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200420-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200419-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200413-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200412-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200411-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200410-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200409-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200408-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200407-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200406-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200405-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20192820-2/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200397-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200394-1/
- https://www.suse.com/support/update/announcement/2020/suse-su-20200393-1/
https://www.suse.com/support/update/announcement/2020/suse-su-20200390-1/