
SUSE Linux Enterprise Server 12-SP3-BCL: 2022:2886-1 Critical: glibc DoS

suse
August 24, 2022
SUSE Security Patch for openssl addresses various vulnerabilities, improving security measures on SUSE Linux Enterprise Server installations.
An update that fixes 7 vulnerabilities is now available

Summary

This update for glibc fixes the following issues:

Security issues fixed:

- CVE-2015-5180: Fix crash with internal QTYPE in resolv (bsc#941234, BZ #18784)
- CVE-2016-10228: Rewrite iconv option parsing (bsc#1027496, BZ #19519)
- CVE-2019-25013: Fix buffer overrun in EUC-KR conversion module (bsc#1182117, BZ #24973)
- CVE-2020-27618: Accept redundant shift sequences in IBM1364 iconv module (bsc#1178386, BZ #26224)
- CVE-2020-29562: Fix incorrect UCS4 inner loop bounds in iconv (bsc#1179694, BZ #26923)
- CVE-2020-29573: Hardened printf against non-normal long double values (bsc#1179721, BZ #26649)
- CVE-2021-3326: Fix assertion failure in ISO-2022-JP-3 gconv module (bsc#1181505, BZ #27256)
- Recognize ppc64p7 arch to build for power7

Patch Instructions:

References

#1027496 #1178386 #1179694 #1179721 #1181505 #1182117 #941234

Cross- CVE-2015-5180 CVE-2016-10228 CVE-2019-25013 CVE-2020-27618 CVE-2020-29562 CVE-2020-29573 CVE-2021-3326

CVSS scores:

CVE-2016-10228 (NVD) : 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2016-10228 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2019-25013 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-25013 (SUSE): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-27618 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CVE-2020-27618 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

CVE-2020-29562 (NVD) : 4.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:H

Severity
important

Announcement ID: SUSE-SU-2022:2886-1
Rating: important
