SUSE: 2022:3384-1 Severe: OpenSSH Vulnerability Resolution
suse
September 26, 2022
An update that solves one vulnerability, contains one feature and has four fixes is now available
Summary
This update for vsftpd fixes the following issues: - CVE-2021-3618: Enforced security checks against ALPACA attack (PM-3322, bsc#1187686, bsc#1187678). Bugfixes: - Fixed a seccomp failure in FIPS mode when SSL was enabled (bsc#1052900). - Allowed wait4() to be called so that the broker can wait for its child processes (bsc#1021387). - Allowed sendto() syscall when /dev/log support is enabled (bsc#786024). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 12-SP5: zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3383=1 Package List: - SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
References
#1021387 #1052900 #1187678 #1187686 #786024
PM-3322
Cross- CVE-2021-3618
CVSS scores:
CVE-2021-3618 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
CVE-2021-3618 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
SUSE Linux Enterprise Server 12-SP5
https://www.suse.com/security/cve/CVE-2021-3618.html
https://bugzilla.suse.com/1021387
https://bugzilla.suse.com/1052900
https://bugzilla.suse.com/1187678
https://bugzilla.suse.com/1187686
https://bugzilla.suse.com/786024
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2022:3383-1
Rating: important
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!