cockpit-320-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14096-1 Final 1 1 2024-07-04T00:00:00Z current 2024-07-04T00:00:00Z 2024-07-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z cockpit-320-1.1 on GA media These are all security issues fixed in the cockpit-320-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14096 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-6126/ SUSE CVE CVE-2024-6126 page openSUSE Tumbleweed cockpit-320-1.1 cockpit-bridge-320-1.1 cockpit-devel-320-1.1 cockpit-doc-320-1.1 cockpit-kdump-320-1.1 cockpit-networkmanager-320-1.1 cockpit-packagekit-320-1.1 cockpit-pcp-320-1.1 cockpit-selinux-320-1.1 cockpit-storaged-320-1.1 cockpit-system-320-1.1 cockpit-ws-320-1.1 cockpit-320-1.1 as a component of openSUSE Tumbleweed cockpit-bridge-320-1.1 as a component of openSUSE Tumbleweed cockpit-devel-320-1.1 as a component of openSUSE Tumbleweed cockpit-doc-320-1.1 as a component of openSUSE Tumbleweed cockpit-kdump-320-1.1 as a component of openSUSE Tumbleweed cockpit-networkmanager-320-1.1 as a component of openSUSE Tumbleweed cockpit-packagekit-320-1.1 as a component of openSUSE Tumbleweed cockpit-pcp-320-1.1 as a component of openSUSE Tumbleweed cockpit-selinux-320-1.1 as a component of openSUSE Tumbleweed cockpit-storaged-320-1.1 as a component of openSUSE Tumbleweed cockpit-system-320-1.1 as a component of openSUSE Tumbleweed cockpit-ws-320-1.1 as a component of openSUSE Tumbleweed A flaw was found in the cockpit package. This flaw allows an authenticated user to kill any process when enabling the pam_env's user_readenv option, which leads to a denial of service (DoS) attack. CVE-2024-6126 openSUSE Tumbleweed:cockpit-320-1.1 openSUSE Tumbleweed:cockpit-bridge-320-1.1 openSUSE Tumbleweed:cockpit-devel-320-1.1 openSUSE Tumbleweed:cockpit-doc-320-1.1 openSUSE Tumbleweed:cockpit-kdump-320-1.1 openSUSE Tumbleweed:cockpit-networkmanager-320-1.1 openSUSE Tumbleweed:cockpit-packagekit-320-1.1 openSUSE Tumbleweed:cockpit-pcp-320-1.1 openSUSE Tumbleweed:cockpit-selinux-320-1.1 openSUSE Tumbleweed:cockpit-storaged-320-1.1 openSUSE Tumbleweed:cockpit-system-320-1.1 openSUSE Tumbleweed:cockpit-ws-320-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2024-6126.html CVE-2024-6126 https://bugzilla.suse.com/1226040 SUSE Bug 1226040