wicked-0.6.66-1.2 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:11511 Final 1 1 2024-06-17T21:45:33Z current 2024-06-17T21:45:33Z 2024-06-17T21:45:33Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z wicked-0.6.66-1.2 on GA media These are all security issues fixed in the wicked-0.6.66-1.2 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-11511 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) E-Mail link for openSUSE-SU-2024:11511 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2019-18902/ SUSE CVE CVE-2019-18902 page https://www.suse.com/security/cve/CVE-2019-18903/ SUSE CVE CVE-2019-18903 page https://www.suse.com/security/cve/CVE-2020-7216/ SUSE CVE CVE-2020-7216 page https://www.suse.com/security/cve/CVE-2020-7217/ SUSE CVE CVE-2020-7217 page openSUSE Tumbleweed wicked-0.6.66-1.2 wicked-service-0.6.66-1.2 wicked-0.6.66-1.2 as a component of openSUSE Tumbleweed wicked-service-0.6.66-1.2 as a component of openSUSE Tumbleweed A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1. openSUSE Factory wicked versions prior to 0.6.62. CVE-2019-18902 openSUSE Tumbleweed:wicked-0.6.66-1.2 openSUSE Tumbleweed:wicked-service-0.6.66-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18902.html CVE-2019-18902 https://bugzilla.suse.com/1160903 SUSE Bug 1160903 A Use After Free vulnerability in wicked of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15; openSUSE Leap 15.1, Factory allows remote attackers to cause DoS or potentially code execution. This issue affects: SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-2.18.1. SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-28.26.1. openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.9.1. openSUSE Factory wicked versions prior to 0.6.62. CVE-2019-18903 openSUSE Tumbleweed:wicked-0.6.66-1.2 openSUSE Tumbleweed:wicked-service-0.6.66-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2019-18903.html CVE-2019-18903 https://bugzilla.suse.com/1160904 SUSE Bug 1160904 An ni_dhcp4_parse_response memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets without a message type option. CVE-2020-7216 openSUSE Tumbleweed:wicked-0.6.66-1.2 openSUSE Tumbleweed:wicked-service-0.6.66-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7216.html CVE-2020-7216 https://bugzilla.suse.com/1160905 SUSE Bug 1160905 An ni_dhcp4_fsm_process_dhcp4_packet memory leak in openSUSE wicked 0.6.55 and earlier allows network attackers to cause a denial of service by sending DHCP4 packets with a different client-id. CVE-2020-7217 openSUSE Tumbleweed:wicked-0.6.66-1.2 openSUSE Tumbleweed:wicked-service-0.6.66-1.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2020-7217.html CVE-2020-7217 https://bugzilla.suse.com/1160906 SUSE Bug 1160906