Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE: 2020:0410-1 Important: Wicked Memory Leak and DoS Fix

suse
Calendar Grey February 19, 2020
Dist Suse Esm H88
A recent patch addresses four significant security flaws in wicked impacting both SUSE OpenStack and Linux Enterprise Server. For more information, continue reading.
An update that fixes four vulnerabilities is now available

Summary

This update for wicked fixes the following issues: - CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903). - CVE-2019-18903: Fixed a use-after-free when receiving invalid DHCP6 IA_PD option (bsc#1160904). - CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905). - CVE-2020-7217: Fixed a memory leak in DHCP4 fsm when processing packets for other client ids (bsc#1160906). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE OpenStack Cloud Crowbar 8:

Topics%20covered

Topics Covered

security advisory denial of service critical memory leak DHCP SUSE wicked

References

#1160903 #1160904 #1160905 #1160906

Cross- CVE-2019-18902 CVE-2019-18903 CVE-2020-7216

CVE-2020-7217

Affected Products:

SUSE OpenStack Cloud Crowbar 8

SUSE OpenStack Cloud 8

SUSE OpenStack Cloud 7

SUSE Linux Enterprise Server for SAP 12-SP3

SUSE Linux Enterprise Server for SAP 12-SP2

SUSE Linux Enterprise Server 12-SP3-LTSS

SUSE Linux Enterprise Server 12-SP3-BCL

SUSE Linux Enterprise Server 12-SP2-LTSS

SUSE Linux Enterprise Server 12-SP2-BCL

SUSE Enterprise Storage 5

SUSE CaaS Platform 3.0

HPE Helion Openstack 8

https://www.suse.com/security/cve/CVE-2019-18902.html

https://www.suse.com/security/cve/CVE-2019-18903.html

https://www.suse.com/security/cve/CVE-2020-7216.html

https://www.suse.com/security/cve/CVE-2020-7217.html

...

Read the Full Advisory

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2020:0410-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service critical memory leak DHCP SUSE wicked

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here