
SUSE: 2021:4020-3 Urgent: Tackling OpenSSL TLS Vulnerabilities and Concerns

December 14, 2021
SUSE upgrades provide enhancements to fetchmail, addressing vulnerabilities related to Denial of Service and encryption evasion, thereby improving system safety and performance.
An update that solves two vulnerabilities, contains three features and has four fixes is now available.

Summary

This update for fetchmail fixes the following issues:

- CVE-2021-36386: Fixed DoS or information disclosure in some configurations (bsc#1188875).
- CVE-2021-39272: Fixed STARTTLS session encryption bypassing (fetchmail-SA-2021-02) (bsc#1190069).
- Update to 6.4.22 (bsc#1152964, jsc#SLE-18159, jsc#SLE-17903, jsc#SLE-18059)
- Remove all python2 dependencies (bsc#1190896).
- De-hardcode /usr/lib path for launch executable (bsc#1174075).
- Added hardening to systemd service(s) (bsc#1181400).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server for SAP 15-SP1:

References

#1152964 #1174075 #1181400 #1188875 #1190069 #1190896 SLE-17903 SLE-18059 SLE-18159

Cross-References: CVE-2021-36386 CVE-2021-39272

CVSS scores:

CVE-2021-36386 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-36386 (SUSE): 5.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

CVE-2021-39272 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products:

SUSE Linux Enterprise Server for SAP 15-SP1

SUSE Linux Enterprise Server for SAP 15

SUSE Linux Enterprise Server 15-SP1-LTSS

SUSE Linux Enterprise Server 15-SP1-BCL

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Module for Desktop Applications 15-SP3

SUSE Linux Enterprise Module for Desktop Applications 15-SP2

SUSE Linux Enterprise Module for Basesystem 15-SP3

Announcement ID: SUSE-SU-2021:4018-1
Rating: moderate
