teleport-17.0.3-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2024:14544-1 Final 1 1 2024-12-04T00:00:00Z current 2024-12-04T00:00:00Z 2024-12-04T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z teleport-17.0.3-1.1 on GA media These are all security issues fixed in the teleport-17.0.3-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2024-14544 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BHO6Y3CLIIC56622OVIQ4IETYGDAI4A/ E-Mail link for openSUSE-SU-2024:14544-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2024-53259/ SUSE CVE CVE-2024-53259 page openSUSE Tumbleweed teleport-17.0.3-1.1 teleport-bash-completion-17.0.3-1.1 teleport-fdpass-teleport-17.0.3-1.1 teleport-tbot-17.0.3-1.1 teleport-tbot-bash-completion-17.0.3-1.1 teleport-tbot-zsh-completion-17.0.3-1.1 teleport-tctl-17.0.3-1.1 teleport-tctl-bash-completion-17.0.3-1.1 teleport-tctl-zsh-completion-17.0.3-1.1 teleport-tsh-17.0.3-1.1 teleport-tsh-bash-completion-17.0.3-1.1 teleport-tsh-zsh-completion-17.0.3-1.1 teleport-zsh-completion-17.0.3-1.1 teleport-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-bash-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-fdpass-teleport-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tbot-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tbot-bash-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tbot-zsh-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tctl-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tctl-bash-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tctl-zsh-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tsh-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tsh-bash-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-tsh-zsh-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed teleport-zsh-completion-17.0.3-1.1 as a component of openSUSE Tumbleweed quic-go is an implementation of the QUIC protocol in Go. An off-path attacker can inject an ICMP Packet Too Large packet. Since affected quic-go versions used IP_PMTUDISC_DO, the kernel would then return a "message too large" error on sendmsg, i.e. when quic-go attempts to send a packet that exceeds the MTU claimed in that ICMP packet. By setting this value to smaller than 1200 bytes (the minimum MTU for QUIC), the attacker can disrupt a QUIC connection. Crucially, this can be done after completion of the handshake, thereby circumventing any TCP fallback that might be implemented on the application layer (for example, many browsers fall back to HTTP over TCP if they're unable to establish a QUIC connection). The attacker needs to at least know the client's IP and port tuple to mount an attack. This vulnerability is fixed in 0.48.2. CVE-2024-53259 openSUSE Tumbleweed:teleport-17.0.3-1.1 openSUSE Tumbleweed:teleport-bash-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-fdpass-teleport-17.0.3-1.1 openSUSE Tumbleweed:teleport-tbot-17.0.3-1.1 openSUSE Tumbleweed:teleport-tbot-bash-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-tbot-zsh-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-tctl-17.0.3-1.1 openSUSE Tumbleweed:teleport-tctl-bash-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-tctl-zsh-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-tsh-17.0.3-1.1 openSUSE Tumbleweed:teleport-tsh-bash-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-tsh-zsh-completion-17.0.3-1.1 openSUSE Tumbleweed:teleport-zsh-completion-17.0.3-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4BHO6Y3CLIIC56622OVIQ4IETYGDAI4A/ https://www.suse.com/security/cve/CVE-2024-53259.html CVE-2024-53259