Description:

SUSE has released security updates to multiple vulnerabilities in the following products:

• rubygem-actionpack-5_1
  • SUSE Linux Enterprise High Availability 15-SP2
  • SUSE Linux Enterprise High Availability 15-SP1
  • SUSE Linux Enterprise High Availability 15
• libmspack
  • SUSE Linux Enterprise Software Development Kit 12-SP5
  • SUSE Linux Enterprise Server 12-SP5
• openldap2
  • SUSE Linux Enterprise Module for Legacy Software 15-SP2
  • SUSE Linux Enterprise Module for Legacy Software 15-SP1
  • SUSE Linux Enterprise Module for Development Tools 15-SP2
  • SUSE Linux Enterprise Module for Development Tools 15-SP1
  • SUSE Linux Enterprise Module for Basesystem 15-SP2
  • SUSE Linux Enterprise Module for Basesystem 15-SP1
• ovmf
  • SUSE Linux Enterprise Server for SAP 15
  • SUSE Linux Enterprise Server 15-LTSS
  • SUSE Linux Enterprise Module for Server Applications 15-SP1
  • SUSE Linux Enterprise High Performance Computing 15-LTSS
  • SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • SUSE OpenStack Cloud Crowbar 9
  • SUSE OpenStack Cloud 9
  • SUSE Linux Enterprise Server for SAP 12-SP4
  • SUSE Linux Enterprise Server 12-SP5
  • SUSE Linux Enterprise Server 12-SP4-LTSS
• grafana
  • SUSE Enterprise Storage 5

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Buffer overflow.
• Cross-site scripting (XSS) attack.

Best practice and Recommendations:

The CERT team encourages users to review SUSE security advisory and apply the necessary updates:

• https://www.suse.com/support/update/announcement/2020/suse-su-20202710-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202711-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202712-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202713-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202714-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20202715-1/