Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2021:1952-1 Moderate Fix for Csync2 TLS Security Issues

suse
Calendar Grey June 10, 2021
Dist Suse Esm H88
Patch released for csync2, resolving TLS handshake problems and reinforcing compatibility with SUSE Linux High Availability systems.
An update that fixes two vulnerabilities is now available

Summary

This update for csync2 fixes the following issues: - CVE-2019-15522: Fixed an issue where daemon fails to enforce TLS (bsc#1147137) - CVE-2019-15523: Fixed an incorrect TLS handshake error handling (bsc#1147139) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise High Availability 12-SP5: zypper in -t patch SUSE-SLE-HA-12-SP5-2021-1952=1 - SUSE Linux Enterprise High Availability 12-SP4: zypper in -t patch SUSE-SLE-HA-12-SP4-2021-1952=1 - SUSE Linux Enterprise High Availability 12-SP3: zypper in -t patch SUSE-SLE-HA-12-SP3-2021-1952=1 Package List: - SUSE Linux Enterprise High Availability 12-SP5 (ppc64le s390x x86_64):

Topics%20covered

Topics Covered

security advisory moderate update suse tls issue daemon enforcement

References

#1147137 #1147139

Cross- CVE-2019-15522 CVE-2019-15523

CVSS scores:

CVE-2019-15522 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2019-15522 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2019-15523 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2019-15523 (SUSE): 2.6 CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N

Affected Products:

SUSE Linux Enterprise High Availability 12-SP5

SUSE Linux Enterprise High Availability 12-SP4

SUSE Linux Enterprise High Availability 12-SP3

https://www.suse.com/security/cve/CVE-2019-15522.html

https://www.suse.com/security/cve/CVE-2019-15523.html

https://bugzilla.suse.com/1147137

https://bugzilla.suse.com/1147139

Announcement ID: SUSE-SU-2021:1952-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate update suse tls issue daemon enforcement

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here