libwsman-devel-2.7.0-2.10 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11130 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z libwsman-devel-2.7.0-2.10 on GA media These are all security issues fixed in the libwsman-devel-2.7.0-2.10 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11130 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11130 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2016-2183/ SUSE CVE CVE-2016-2183 page https://www.suse.com/security/cve/CVE-2019-3816/ SUSE CVE CVE-2019-3816 page openSUSE Tumbleweed libwsman-devel-2.7.0-2.10 libwsman3-2.7.0-2.10 libwsman_client5-2.7.0-2.10 libwsman_clientpp-devel-2.7.0-2.10 libwsman_clientpp1-2.7.0-2.10 openwsman-java-2.7.0-2.10 openwsman-perl-2.7.0-2.10 openwsman-ruby-2.7.0-2.10 openwsman-ruby-docs-2.7.0-2.10 openwsman-server-2.7.0-2.10 openwsman-server-plugin-ruby-2.7.0-2.10 python3-openwsman-2.7.0-2.10 winrs-2.7.0-2.10 libwsman-devel-2.7.0-2.10 as a component of openSUSE Tumbleweed libwsman3-2.7.0-2.10 as a component of openSUSE Tumbleweed libwsman_client5-2.7.0-2.10 as a component of openSUSE Tumbleweed libwsman_clientpp-devel-2.7.0-2.10 as a component of openSUSE Tumbleweed libwsman_clientpp1-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-java-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-perl-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-ruby-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-ruby-docs-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-server-2.7.0-2.10 as a component of openSUSE Tumbleweed openwsman-server-plugin-ruby-2.7.0-2.10 as a component of openSUSE Tumbleweed python3-openwsman-2.7.0-2.10 as a component of openSUSE Tumbleweed winrs-2.7.0-2.10 as a component of openSUSE Tumbleweed The DES and Triple DES ciphers, as used in the TLS, SSH, and IPSec protocols and other protocols and products, have a birthday bound of approximately four billion blocks, which makes it easier for remote attackers to obtain cleartext data via a birthday attack against a long-duration encrypted session, as demonstrated by an HTTPS session using Triple DES in CBC mode, aka a "Sweet32" attack. CVE-2016-2183 openSUSE Tumbleweed:libwsman-devel-2.7.0-2.10 openSUSE Tumbleweed:libwsman3-2.7.0-2.10 openSUSE Tumbleweed:libwsman_client5-2.7.0-2.10 openSUSE Tumbleweed:libwsman_clientpp-devel-2.7.0-2.10 openSUSE Tumbleweed:libwsman_clientpp1-2.7.0-2.10 openSUSE Tumbleweed:openwsman-java-2.7.0-2.10 openSUSE Tumbleweed:openwsman-perl-2.7.0-2.10 openSUSE Tumbleweed:openwsman-ruby-2.7.0-2.10 openSUSE Tumbleweed:openwsman-ruby-docs-2.7.0-2.10 openSUSE Tumbleweed:openwsman-server-2.7.0-2.10 openSUSE Tumbleweed:openwsman-server-plugin-ruby-2.7.0-2.10 openSUSE Tumbleweed:python3-openwsman-2.7.0-2.10 openSUSE Tumbleweed:winrs-2.7.0-2.10 moderate 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2016-2183.html CVE-2016-2183 https://bugzilla.suse.com/1001912 SUSE Bug 1001912 https://bugzilla.suse.com/1024218 SUSE Bug 1024218 https://bugzilla.suse.com/1027038 SUSE Bug 1027038 https://bugzilla.suse.com/1034689 SUSE Bug 1034689 https://bugzilla.suse.com/1056614 SUSE Bug 1056614 https://bugzilla.suse.com/1171693 SUSE Bug 1171693 https://bugzilla.suse.com/994844 SUSE Bug 994844 https://bugzilla.suse.com/995359 SUSE Bug 995359 Openwsman, versions up to and including 2.6.9, are vulnerable to arbitrary file disclosure because the working directory of openwsmand daemon was set to root directory. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted HTTP request to openwsman server. CVE-2019-3816 openSUSE Tumbleweed:libwsman-devel-2.7.0-2.10 openSUSE Tumbleweed:libwsman3-2.7.0-2.10 openSUSE Tumbleweed:libwsman_client5-2.7.0-2.10 openSUSE Tumbleweed:libwsman_clientpp-devel-2.7.0-2.10 openSUSE Tumbleweed:libwsman_clientpp1-2.7.0-2.10 openSUSE Tumbleweed:openwsman-java-2.7.0-2.10 openSUSE Tumbleweed:openwsman-perl-2.7.0-2.10 openSUSE Tumbleweed:openwsman-ruby-2.7.0-2.10 openSUSE Tumbleweed:openwsman-ruby-docs-2.7.0-2.10 openSUSE Tumbleweed:openwsman-server-2.7.0-2.10 openSUSE Tumbleweed:openwsman-server-plugin-ruby-2.7.0-2.10 openSUSE Tumbleweed:python3-openwsman-2.7.0-2.10 openSUSE Tumbleweed:winrs-2.7.0-2.10 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-3816.html CVE-2019-3816 https://bugzilla.suse.com/1122623 SUSE Bug 1122623