SUSE: 2020:0351-1 Important: Wicked Memory Leak and DoS Issues
suse
February 6, 2020
An update that solves four vulnerabilities and has one errata is now available
Summary
This update for wicked fixes the following issues: Security issues fixed: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Non-security issue fixed: - dhcp4: Fixed an intermittent hang during network setup by cleaning up the defer timer pointer (bsc#1142214). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods
References
#1142214 #1160903 #1160904 #1160905 #1160906
Cross- CVE-2019-18902 CVE-2019-18903 CVE-2020-7216
CVE-2020-7217
Affected Products:
SUSE Linux Enterprise Server 12-SP5
https://www.suse.com/security/cve/CVE-2019-18902.html
https://www.suse.com/security/cve/CVE-2019-18903.html
https://www.suse.com/security/cve/CVE-2020-7216.html
https://www.suse.com/security/cve/CVE-2020-7217.html
https://bugzilla.suse.com/1142214
https://bugzilla.suse.com/1160903
https://bugzilla.suse.com/1160904
https://bugzilla.suse.com/1160905
https://bugzilla.suse.com/1160906
PREVIOUS 
NEXT Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2020:0351-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!