Description:

SUSE has released security updates to address multiple vulnerabilities in the following products:

• SUSE Linux Enterprise Module for Python2 15-SP1
  • samba
  • python
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1
  • samba
  • slurm
  • java-1_8_0-openjdk
  • python
• SUSE Linux Enterprise Module for Basesystem 15-SP1
  • samba
  • python
• SUSE Linux Enterprise High Availability 15-SP1
  • samba
• SUSE Enterprise Storage 6
  • samba
• SUSE Linux Enterprise Server for SAP 15
  • samba
  • java-1_8_0-openjdk
• SUSE Linux Enterprise Server 15-LTSS
  • samba
  • java-1_8_0-openjdk
• SUSE Linux Enterprise Module for Packagehub Subpackages 15
  • samba
  • java-1_8_0-openjdk
• SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
  • samba
  • tomcat
  • slurm
  • java-1_8_0-openjdk
  • python
• SUSE Linux Enterprise Module for Basesystem 15
  • samba
  • python
• SUSE Linux Enterprise High Performance Computing 15-LTSS
  • samba
• SUSE Linux Enterprise High Performance Computing 15-ESPOS
  • samba
• SUSE Linux Enterprise High Availability 15
  • samba
• SUSE Linux Enterprise Module for Web Scripting 15
  • tomcat
• SUSE Linux Enterprise Module for HPC 15-SP1
  • slurm
• SUSE Linux Enterprise Module for HPC 15
  • slurm
• SUSE Linux Enterprise Module for Legacy Software 15-SP1
  • java-1_8_0-openjdk
• SUSE Linux Enterprise Module for Legacy Software 15
  • java-1_8_0-openjdk
• SUSE OpenStack Cloud Crowbar 8
  • samba
• SUSE OpenStack Cloud 8
  • samba
• SUSE Linux Enterprise Software Development Kit 12-SP4
  • samba
• SUSE Linux Enterprise Server for SAP 12-SP3
  • samba
• SUSE Linux Enterprise Server 12-SP4
  • samba
• SUSE Linux Enterprise Server 12-SP3-LTSS
  • samba
• SUSE Linux Enterprise Server 12-SP3-BCL
  • samba
• SUSE Linux Enterprise High Availability 12-SP4
  • samba
• SUSE Linux Enterprise High Availability 12-SP3
  • samba
• SUSE Linux Enterprise Desktop 12-SP4
  • samba
• SUSE Enterprise Storage 5
  • samba
• HPE Helion Openstack 8
  • samba
• SUSE Linux Enterprise Module for Desktop Applications 15-SP1
  • python
• SUSE Linux Enterprise Module for Desktop Applications 15
  • python

Threats:

Attacker could exploit these vulnerabilities by doing the following:

• Crash the system.
• Privilege escalation.

Best practice and Recommendations:

The CERT team encourages users to review SUSE security advisory and apply the necessary updates:

• https://www.suse.com/support/update/announcement/2020/suse-su-20200223-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200224-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200226-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200228-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200231-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200233-1/
• https://www.suse.com/support/update/announcement/2020/suse-su-20200234-1/