sca-patterns-sle15-1.0.8-2.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11371-1 Final 1 1 2024-06-15T00:00:00Z current 2024-06-15T00:00:00Z 2024-06-15T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z sca-patterns-sle15-1.0.8-2.2 on GA media These are all security issues fixed in the sca-patterns-sle15-1.0.8-2.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11371 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2020-0543/ SUSE CVE CVE-2020-0543 page https://www.suse.com/security/cve/CVE-2020-0548/ SUSE CVE CVE-2020-0548 page https://www.suse.com/security/cve/CVE-2020-12351/ SUSE CVE CVE-2020-12351 page https://www.suse.com/security/cve/CVE-2020-1472/ SUSE CVE CVE-2020-1472 page https://www.suse.com/security/cve/CVE-2020-25705/ SUSE CVE CVE-2020-25705 page openSUSE Tumbleweed sca-patterns-sle15-1.0.8-2.2 sca-patterns-sle15-1.0.8-2.2 as a component of openSUSE Tumbleweed Incomplete cleanup from specific special register read operations in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0543 openSUSE Tumbleweed:sca-patterns-sle15-1.0.8-2.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-0543.html CVE-2020-0543 https://bugzilla.suse.com/1154824 SUSE Bug 1154824 https://bugzilla.suse.com/1172205 SUSE Bug 1172205 https://bugzilla.suse.com/1172206 SUSE Bug 1172206 https://bugzilla.suse.com/1172207 SUSE Bug 1172207 https://bugzilla.suse.com/1172770 SUSE Bug 1172770 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 Cleanup errors in some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2020-0548 openSUSE Tumbleweed:sca-patterns-sle15-1.0.8-2.2 moderate 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-0548.html CVE-2020-0548 https://bugzilla.suse.com/1156353 SUSE Bug 1156353 Improper input validation in BlueZ may allow an unauthenticated user to potentially enable escalation of privilege via adjacent access. CVE-2020-12351 openSUSE Tumbleweed:sca-patterns-sle15-1.0.8-2.2 important 5.8 AV:A/AC:L/Au:N/C:P/I:P/A:P To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-12351.html CVE-2020-12351 https://bugzilla.suse.com/1177724 SUSE Bug 1177724 https://bugzilla.suse.com/1177729 SUSE Bug 1177729 https://bugzilla.suse.com/1178397 SUSE Bug 1178397 An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC). An attacker who successfully exploited the vulnerability could run a specially crafted application on a device on the network. To exploit the vulnerability, an unauthenticated attacker would be required to use MS-NRPC to connect to a domain controller to obtain domain administrator access. Microsoft is addressing the vulnerability in a phased two-part rollout. These updates address the vulnerability by modifying how Netlogon handles the usage of Netlogon secure channels. For guidelines on how to manage the changes required for this vulnerability and more information on the phased rollout, see How to manage the changes in Netlogon secure channel connections associated with CVE-2020-1472 (updated September 28, 2020). When the second phase of Windows updates become available in Q1 2021, customers will be notified via a revision to this security vulnerability. If you wish to be notified when these updates are released, we recommend that you register for the security notifications mailer to be alerted of content changes to this advisory. See Microsoft Technical Security Notifications. CVE-2020-1472 openSUSE Tumbleweed:sca-patterns-sle15-1.0.8-2.2 critical 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-1472.html CVE-2020-1472 https://bugzilla.suse.com/1176579 SUSE Bug 1176579 A flaw in ICMP packets in the Linux kernel may allow an attacker to quickly scan open UDP ports. This flaw allows an off-path remote attacker to effectively bypass source port UDP randomization. Software that relies on UDP source port randomization are indirectly affected as well on the Linux Based Products (RUGGEDCOM RM1224: All versions between v5.0 and v6.4, SCALANCE M-800: All versions between v5.0 and v6.4, SCALANCE S615: All versions between v5.0 and v6.4, SCALANCE SC-600: All versions prior to v2.1.3, SCALANCE W1750D: v8.3.0.1, v8.6.0, and v8.7.0, SIMATIC Cloud Connect 7: All versions, SIMATIC MV500 Family: All versions, SIMATIC NET CP 1243-1 (incl. SIPLUS variants): Versions 3.1.39 and later, SIMATIC NET CP 1243-7 LTE EU: Version CVE-2020-25705 openSUSE Tumbleweed:sca-patterns-sle15-1.0.8-2.2 important 5.8 AV:N/AC:M/Au:N/C:P/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-25705.html CVE-2020-25705 https://bugzilla.suse.com/1175721 SUSE Bug 1175721 https://bugzilla.suse.com/1178782 SUSE Bug 1178782 https://bugzilla.suse.com/1178783 SUSE Bug 1178783 https://bugzilla.suse.com/1191790 SUSE Bug 1191790