# Security update for cockpit

Announcement ID: SUSE-SU-2024:2477-1  
Rating: moderate  
References:

  * bsc#1226040

  
Cross-References:

  * CVE-2024-6126

  
CVSS scores:

  * CVE-2024-6126 ( SUSE ):  4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

  
Affected Products:

  * SUSE Linux Enterprise Micro 5.3
  * SUSE Linux Enterprise Micro for Rancher 5.3

  
  
An update that solves one vulnerability can now be installed.

## Description:

This update for cockpit fixes the following issues:

  * CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session()
    (bsc#1226040).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Linux Enterprise Micro for Rancher 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-2477=1

  * SUSE Linux Enterprise Micro 5.3  
    zypper in -t patch SUSE-SLE-Micro-5.3-2024-2477=1

## Package List:

  * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64)
    * cockpit-251.3-150400.8.3.1
    * cockpit-ws-debuginfo-251.3-150400.8.3.1
    * cockpit-debugsource-251.3-150400.8.3.1
    * cockpit-debuginfo-251.3-150400.8.3.1
    * cockpit-ws-251.3-150400.8.3.1
    * cockpit-bridge-251.3-150400.8.3.1
    * cockpit-bridge-debuginfo-251.3-150400.8.3.1
  * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch)
    * cockpit-networkmanager-251.3-150400.8.3.1
    * cockpit-system-251.3-150400.8.3.1
    * cockpit-selinux-251.3-150400.8.3.1
    * cockpit-storaged-251.3-150400.8.3.1
  * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64)
    * cockpit-251.3-150400.8.3.1
    * cockpit-ws-debuginfo-251.3-150400.8.3.1
    * cockpit-debugsource-251.3-150400.8.3.1
    * cockpit-debuginfo-251.3-150400.8.3.1
    * cockpit-ws-251.3-150400.8.3.1
    * cockpit-bridge-251.3-150400.8.3.1
    * cockpit-bridge-debuginfo-251.3-150400.8.3.1
  * SUSE Linux Enterprise Micro 5.3 (noarch)
    * cockpit-networkmanager-251.3-150400.8.3.1
    * cockpit-system-251.3-150400.8.3.1
    * cockpit-selinux-251.3-150400.8.3.1
    * cockpit-storaged-251.3-150400.8.3.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-6126.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1226040

SUSE: 2024:2477-1 moderate: cockpit Security Advisory Updates

July 15, 2024
* bsc#1226040 Cross-References: * CVE-2024-6126

Summary

## This update for cockpit fixes the following issues: * CVE-2024-6126: Fixed Integer overflow in pam_sm_close_session() (bsc#1226040). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Micro for Rancher 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2477=1 * SUSE Linux Enterprise Micro 5.3 zypper in -t patch SUSE-SLE-Micro-5.3-2024-2477=1 ## Package List: * SUSE Linux Enterprise Micro for Rancher 5.3 (aarch64 s390x x86_64) * cockpit-251.3-150400.8.3.1 * cockpit-ws-debuginfo-251.3-150400.8.3.1 * cockpit-debugsource-251.3-150400.8.3.1 * cockpit-debuginfo-251.3-150400.8.3.1 * cockpit-ws-251.3-150400.8.3.1 * cockpit-bridge-251.3-150400.8.3.1 * cockpit-bridge-debuginfo-251.3-150400.8.3.1 * SUSE Linux Enterprise Micro for Rancher 5.3 (noarch) * cockpit-networkmanager-251.3-150400.8.3.1 * cockpit-system-251.3-150400.8.3.1 * cockpit-selinux-251.3-150400.8.3.1 * cockpit-storaged-251.3-150400.8.3.1 * SUSE Linux Enterprise Micro 5.3 (aarch64 s390x x86_64) * cockpit-251.3-150400.8.3.1 * cockpit-ws-debuginfo-251.3-150400.8.3.1 * cockpit-debugsource-251.3-150400.8.3.1 * cockpit-debuginfo-251.3-150400.8.3.1 * cockpit-ws-251.3-150400.8.3.1 * cockpit-bridge-251.3-150400.8.3.1 * cockpit-bridge-debuginfo-251.3-150400.8.3.1 * SUSE Linux Enterprise Micro 5.3 (noarch) * cockpit-networkmanager-251.3-150400.8.3.1 * cockpit-system-251.3-150400.8.3.1 * cockpit-selinux-251.3-150400.8.3.1 * cockpit-storaged-251.3-150400.8.3.1

References

* bsc#1226040

Cross-

* CVE-2024-6126

CVSS scores:

* CVE-2024-6126 ( SUSE ): 4.7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Micro 5.3

* SUSE Linux Enterprise Micro for Rancher 5.3

An update that solves one vulnerability can now be installed.

##

* https://www.suse.com/security/cve/CVE-2024-6126.html

* https://bugzilla.suse.com/show_bug.cgi?id=1226040

Severity
Announcement ID: SUSE-SU-2024:2477-1
Rating: moderate

Related News

Microsoft Update Mayhem: Rescuing Linux Dual-Boot Systems from Secure Boot Woes
2 - 4 min read
Microsoft's recent patch, intended to strengthen Secure Boot defenses, has resulted in an unexpected setback for Linux-Windows dual-boot setups
Navigating the Linux Kernel
2 - 4 min read
The Linux operating system, widely acclaimed for its robustness and security , recently received widespread media attention due to a significant
The Anatomy of SLUBStick: Dissecting the Linux Vulnerability That Grants Full System Control
2 - 4 min read
The Linux kernel, the central nervous system of many devices worldwide, interfaces computer hardware and its processes and user processes. Because
Staying a Step Ahead of Adversaries: Mitigating Chromium
2 - 4 min read
Google Chrome, one of the world's most widely used web browsers, has recently been scrutinized due to the discovery of multiple Chromium
Why Every Business Needs Professional Cybersecurity Services
5 - 10 min read
In modern business, Linux and open-source software form the backbone of countless enterprises, driving the engine behind essential applications and
Exploring AI Integration in Business Operations
3 - 6 min read
Artificial Intelligence in business is slowly becoming the norm and necessary in the competitive struggle. Today, it is a powerful tool for
Navigating the Future of Cybersecurity: Insights & Trends for 2024
4 - 7 min read
In an era where digital transformation is accelerating at an unprecedented pace, cybersecurity has become a critical battleground for businesses and
Tails 6.6 Released: Unpacking Key Features & Updates
2 - 4 min read
Tails (The Amnesic Incognito Live System) offers hope to privacy activists and anyone seeking anonymity online. A live operating system and secure

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved