benji-0.15.0-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:10649-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z benji-0.15.0-1.2 on GA media These are all security issues fixed in the benji-0.15.0-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-10649 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2021-20288/ SUSE CVE CVE-2021-20288 page openSUSE Tumbleweed benji-0.15.0-1.2 benji-0.15.0-1.2 as a component of openSUSE Tumbleweed An authentication flaw was found in ceph in versions before 14.2.20. When the monitor handles CEPHX_GET_AUTH_SESSION_KEY requests, it doesn't sanitize other_keys, allowing key reuse. An attacker who can request a global_id can exploit the ability of any user to request a global_id previously associated with another user, as ceph does not force the reuse of old keys to generate new ones. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. CVE-2021-20288 openSUSE Tumbleweed:benji-0.15.0-1.2 important 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2021-20288.html CVE-2021-20288 https://bugzilla.suse.com/1183074 SUSE Bug 1183074 https://bugzilla.suse.com/1205049 SUSE Bug 1205049