SUSE Updates
1725Warning Date
Severity Level
Warning Number
Target Sector
17 January, 2021
● High
2021-2334
All
Description:
SUSE has released security updates to address multiple vulnerabilities in the following products:
- nodejs14
- SUSE Linux Enterprise Module for Web Scripting 12
- Linux Kernel
- SUSE Linux Enterprise Module for Realtime 15-SP2
- SUSE Linux Enterprise Workstation Extension 15-SP2
- SUSE Linux Enterprise Module for Live Patching 15-SP2
- SUSE Linux Enterprise Module for Legacy Software 15-SP2
- SUSE Linux Enterprise Module for Development Tools 15-SP2
- SUSE Linux Enterprise Module for Basesystem 15-SP2
- SUSE Linux Enterprise High Availability 15-SP2
- SUSE Linux Enterprise Workstation Extension 15-SP1
- SUSE Linux Enterprise Module for Live Patching 15-SP1
- SUSE Linux Enterprise Module for Legacy Software 15-SP1
- SUSE Linux Enterprise Module for Development Tools 15-SP1
- SUSE Linux Enterprise Module for Basesystem 15-SP1
- SUSE Linux Enterprise High Availability 15-SP1
- SUSE Linux Enterprise Workstation Extension 12-SP5
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Live Patching 12-SP5
- SUSE Linux Enterprise High Availability 12-SP5
- libzypp, zypper
- SUSE Linux Enterprise Module for Basesystem 15-SP2
- SUSE Linux Enterprise Installer 15-SP2
- rubygem-archive-tar-minitar
- SUSE Linux Enterprise Module for Containers 12
- nodejs8
- SUSE Linux Enterprise Module for Web Scripting 15-SP2
- MozillaThunderbird
- SUSE Linux Enterprise Workstation Extension 15-SP1
- SUSE Linux Enterprise Workstation Extension 15-SP2
- php7
- SUSE Linux Enterprise Module for Web Scripting 15-SP2
- SUSE Linux Enterprise Module for Packagehub Subpackages 15-SP2
- php72
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Module for Web Scripting 12
- php74
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Module for Web Scripting 12
- open-iscsi
- SUSE Linux Enterprise Module for Basesystem 15-SP2
- openldap2
- SUSE Linux Enterprise Software Development Kit 12-SP5
- SUSE Linux Enterprise Server 12-SP5
- SUSE Linux Enterprise Module for Legacy Software 15-SP2
- SUSE Linux Enterprise Module for Development Tools 15-SP2
- SUSE Linux Enterprise Module for Basesystem 15-SP2
- SUSE Linux Enterprise Server 11-SECURITY
- SUSE Linux Enterprise Server for SAP 12-SP5
- SUSE Linux Enterprise Server for SAP 12-SP4
- SUSE Linux Enterprise Server for SAP 12-SP3
- SUSE Linux Enterprise Server for SAP 12-SP2
- SUSE Linux Enterprise Module for Legacy Software 12
- slurm_20_02
- SUSE Linux Enterprise Module for HPC 15-SP1
- tcmu-runner
- SUSE Enterprise Storage 6
- ImageMagick
- SUSE Linux Enterprise Server 11-SP4-LTSS
- SUSE Linux Enterprise Point of Sale 11-SP3
- SUSE Linux Enterprise Debuginfo 11-SP4
- SUSE Linux Enterprise Debuginfo 11-SP3
- SUSE Linux Enterprise Module for Development Tools 15-SP2
- SUSE Linux Enterprise Module for Desktop Applications 15-SP2
Threats:
Attacker could exploit these vulnerabilities by doing the following:
- Information disclosure
- Denial of Service (DoS)
- Buffer overflow
- Privilege escalation
- Remote code execution
Best practice and Recommendations:
The CERT team encourages users to review SUSE security advisory and apply the necessary updates:
- https://www.suse.com/support/update/announcement/2021/suse-su-20210107-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210108-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210109-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210115-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210117-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210118-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210121-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210122-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210123-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210124-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210125-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210126-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210127-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210128-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210129-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-202114597-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210133-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210139-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210142-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210143-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-202114598-1/
- https://www.suse.com/support/update/announcement/2021/suse-su-20210153-1/