
SUSE: 2022:14888-2 Critical: OpenSSL Heartbeat Vulnerability Patch

suse
February 18, 2022
An update has resolved four vulnerabilities in strongswan, highlighting an authentication bypass and input validation flaws. Follow the instructions below to apply these patches.
An update that fixes four vulnerabilities is now available.

Summary

This update for strongswan fixes the following issues:

- CVE-2018-16151: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874)
- CVE-2018-16152: Fixed flaws in gmp plugin that could lead to authorization bypass. (bsc#1107874)
- CVE-2018-17540: Fixed insufficient input validation in gmp plugin. (bsc#1109845)
- CVE-2021-45079: Fixed authentication bypass in EAP authentication. (bsc#1194471)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Server 11-SP4-LTSS: zypper in -t patch slessp4-strongswan-14887=1
- SUSE Linux Enterprise Point of Sale 11-SP3:

References

#1107874 #1109845 #1194471

Cross-References: CVE-2018-16151 CVE-2018-16152 CVE-2018-17540 CVE-2021-45079

CVSS scores:

CVE-2018-16151 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2018-16151 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2018-16152 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVE-2018-16152 (SUSE): 4.8 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2018-17540 (NVD) : 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2018-17540 (SUSE): 7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

CVE-2021-45079 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVE-2021-45079 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

Affected Products:

SUSE Linux Enterprise Debuginfo 11-SP3

Severity
important

Announcement ID: SUSE-SU-2022:14887-1
Rating: important
