opensuse-su-2022:0016-1
Vulnerability from csaf_opensuse
Published
2022-01-17 20:11
Modified
2022-01-17 20:11
Summary
Security update for watchman
Notes
Title of the patch
Security update for watchman
Description of the patch
This update for watchman fixes the following issues:
- ship README.suse that explains how to use the template systemd units
- add user writable bit for systemd service and socket files
- properly handle state directory creation in /run/watchman/$USER-state. The
former approach was susceptible to a local privilege escalation using
symlinks (CVE-2022-21944, boo#1194470).
- Added hardening to systemd service(s) (boo#1181400). Modified:
* watchman@.service
- removed python2 bindings
- enabled python3 bindings as python3-watchman
- Changes in 4.8.0:
* New command `flush-subscriptions` to synchronize subscriptions associated
with the current session.
* Enforce socket Unix groups more strongly — Watchman will now refuse to start
if it couldn't gain the right group memberships, as can happen for sites that
are experiencing intermittent LDAP connectivity problems.
* pywatchman now officially supports Python 3. pywatchman will return Unicode
strings (possibly with surrogate escapes) by default, but can optionally return
bytestrings. Note that on Python 3, pywatchman requires Watchman 4.8 and above.
The Python 2 interface and requirements remain unchanged.
* Prior to 4.8, methods on the Java WatchmanClient that returned
ListenableFutures would swallow exceptions and hang in an unfinished state
under situations like socket closure or thread death. This has been fixed, and
now ListenableFutures propagate exception conditions immediately. (Note that
this is typically unrecoverable, and users should create a new WatchmanClient
to re-establish communication with Watchman.) See #412.
* The minimum Java version for the Watchman Java client has always been 1.7,
but it was incorrectly described to be 1.6. The Java client's build file has
been fixed accordingly.
* Watchman was converted from C to C++. The conversion exposed several
concurrency bugs, all of which have now been fixed.
* Subscription queries are now executed in the context of the client thread,
which means that subscriptions are dispatched in parallel. Previously,
subscriptions would be serially dispatched and block the disk IO thread.
* Triggers are now dispatched in parallel and waits are managed in their own
threads (one thread per trigger). This improves concurrency and resolves a
couple of waitpid related issues where watchman may not reap spawned children
in a timely fashion, or may spin on CPU until another child is spawned.
* Fixed an object lifecycle management issue that could cause a crash when
aging out old/transient files.
* Implement an upgraded wire protocol, BSERv2, on the server and in pywatchman.
BSERv2 can carry information about string encoding over the wire. This lets
pywatchman convert to Unicode strings on Python 3. Clients and servers know how
to transparently fall back to BSERv1.
- Changes in 4.9.0:
* New field: `content.sha1hex`. This field expands to the SHA1 hash of
the file contents, expressed in hex digits (40 character hex string).
Watchman maintains a cache of the content hashes and can compute the
hash on demand and also heuristically as files are changed. This is
useful for tooling that wants to perform more intelligent cache invalidation
or build artifact fetching from content addressed storage.
* Fixed an issue that resulted in the perf logging thread deadlocking when
`perf_logger_command` is enabled in the global configuration
* Fixed an issue where queries larger than 1MB would likely result in
a PDU error response.
* Reduced lock contention for subscriptions that do no use the advanced
settling (`drop`, `defer`) options.
* Fixed `since` generator behavior when using unix timestamps rather than
the preferred clock string syntax
* Improved the reporting of 'new' files in watchman results
* Improved performance of handling changes on case insensitive filesystems
* pywatchman: the python wheel format is used for publishing watchman pypi package
* pywatchman: now watchman path is configurable in python client
* pywatchman: now python client can be used as a context manager
Patchnames
openSUSE-2022-16
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for watchman",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for watchman fixes the following issues:\n\n- ship README.suse that explains how to use the template systemd units\n- add user writable bit for systemd service and socket files\n- properly handle state directory creation in /run/watchman/$USER-state. The\n former approach was susceptible to a local privilege escalation using\n symlinks (CVE-2022-21944, boo#1194470).\n\n- Added hardening to systemd service(s) (boo#1181400). Modified:\n * watchman@.service\n\n- removed python2 bindings\n- enabled python3 bindings as python3-watchman\n\n- Changes in 4.8.0:\n\n * New command `flush-subscriptions` to synchronize subscriptions associated\n with the current session.\n * Enforce socket Unix groups more strongly \u2014 Watchman will now refuse to start\n if it couldn\u0027t gain the right group memberships, as can happen for sites that\n are experiencing intermittent LDAP connectivity problems.\n * pywatchman now officially supports Python 3. pywatchman will return Unicode\n strings (possibly with surrogate escapes) by default, but can optionally return\n bytestrings. Note that on Python 3, pywatchman requires Watchman 4.8 and above.\n The Python 2 interface and requirements remain unchanged.\n * Prior to 4.8, methods on the Java WatchmanClient that returned\n \tListenableFutures would swallow exceptions and hang in an unfinished state\n \tunder situations like socket closure or thread death. This has been fixed, and\n \tnow ListenableFutures propagate exception conditions immediately. (Note that\n \tthis is typically unrecoverable, and users should create a new WatchmanClient\n \tto re-establish communication with Watchman.) See #412.\n * The minimum Java version for the Watchman Java client has always been 1.7,\n \tbut it was incorrectly described to be 1.6. The Java client\u0027s build file has\n \tbeen fixed accordingly.\n * Watchman was converted from C to C++. The conversion exposed several\n \tconcurrency bugs, all of which have now been fixed.\n * Subscription queries are now executed in the context of the client thread,\n \twhich means that subscriptions are dispatched in parallel. Previously,\n \tsubscriptions would be serially dispatched and block the disk IO thread.\n * Triggers are now dispatched in parallel and waits are managed in their own\n \tthreads (one thread per trigger). This improves concurrency and resolves a\n \tcouple of waitpid related issues where watchman may not reap spawned children\n \tin a timely fashion, or may spin on CPU until another child is spawned.\n * Fixed an object lifecycle management issue that could cause a crash when\n aging out old/transient files.\n * Implement an upgraded wire protocol, BSERv2, on the server and in pywatchman.\n \tBSERv2 can carry information about string encoding over the wire. This lets\n \tpywatchman convert to Unicode strings on Python 3. Clients and servers know how\n \tto transparently fall back to BSERv1.\n - Changes in 4.9.0:\n * New field: `content.sha1hex`. This field expands to the SHA1 hash of\n the file contents, expressed in hex digits (40 character hex string).\n Watchman maintains a cache of the content hashes and can compute the\n hash on demand and also heuristically as files are changed. This is\n useful for tooling that wants to perform more intelligent cache invalidation\n or build artifact fetching from content addressed storage.\n * Fixed an issue that resulted in the perf logging thread deadlocking when\n `perf_logger_command` is enabled in the global configuration\n * Fixed an issue where queries larger than 1MB would likely result in\n a PDU error response.\n * Reduced lock contention for subscriptions that do no use the advanced\n settling (`drop`, `defer`) options.\n * Fixed `since` generator behavior when using unix timestamps rather than\n the preferred clock string syntax\n * Improved the reporting of \u0027new\u0027 files in watchman results\n * Improved performance of handling changes on case insensitive filesystems\n * pywatchman: the python wheel format is used for publishing watchman pypi package\n * pywatchman: now watchman path is configurable in python client\n * pywatchman: now python client can be used as a context manager\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2022-16",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2022_0016-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2022:0016-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KNMY24O54KQLQYLHBRWLMCEO42RIRELW/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2022:0016-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KNMY24O54KQLQYLHBRWLMCEO42RIRELW/"
},
{
"category": "self",
"summary": "SUSE Bug 1181400",
"url": "https://bugzilla.suse.com/1181400"
},
{
"category": "self",
"summary": "SUSE Bug 1194470",
"url": "https://bugzilla.suse.com/1194470"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-21944 page",
"url": "https://www.suse.com/security/cve/CVE-2022-21944/"
}
],
"title": "Security update for watchman",
"tracking": {
"current_release_date": "2022-01-17T20:11:25Z",
"generator": {
"date": "2022-01-17T20:11:25Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2022:0016-1",
"initial_release_date": "2022-01-17T20:11:25Z",
"revision_history": [
{
"date": "2022-01-17T20:11:25Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"product": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"product_id": "python3-watchman-1.4.0-bp153.2.3.1.aarch64"
}
},
{
"category": "product_version",
"name": "watchman-4.9.0-bp153.2.3.1.aarch64",
"product": {
"name": "watchman-4.9.0-bp153.2.3.1.aarch64",
"product_id": "watchman-4.9.0-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-watchman-1.4.0-bp153.2.3.1.i586",
"product": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.i586",
"product_id": "python3-watchman-1.4.0-bp153.2.3.1.i586"
}
},
{
"category": "product_version",
"name": "watchman-4.9.0-bp153.2.3.1.i586",
"product": {
"name": "watchman-4.9.0-bp153.2.3.1.i586",
"product_id": "watchman-4.9.0-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"product": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"product_id": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le"
}
},
{
"category": "product_version",
"name": "watchman-4.9.0-bp153.2.3.1.ppc64le",
"product": {
"name": "watchman-4.9.0-bp153.2.3.1.ppc64le",
"product_id": "watchman-4.9.0-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-watchman-1.4.0-bp153.2.3.1.s390x",
"product": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.s390x",
"product_id": "python3-watchman-1.4.0-bp153.2.3.1.s390x"
}
},
{
"category": "product_version",
"name": "watchman-4.9.0-bp153.2.3.1.s390x",
"product": {
"name": "watchman-4.9.0-bp153.2.3.1.s390x",
"product_id": "watchman-4.9.0-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"product": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"product_id": "python3-watchman-1.4.0-bp153.2.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "watchman-4.9.0-bp153.2.3.1.x86_64",
"product": {
"name": "watchman-4.9.0-bp153.2.3.1.x86_64",
"product_id": "watchman-4.9.0-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.aarch64"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.i586"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.s390x"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.x86_64"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.aarch64"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.i586"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.ppc64le"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.s390x"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.x86_64"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.aarch64"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.i586"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.s390x"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-watchman-1.4.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.x86_64"
},
"product_reference": "python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.aarch64"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.i586"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.ppc64le"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.s390x"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "watchman-4.9.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.x86_64"
},
"product_reference": "watchman-4.9.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-21944",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-21944"
}
],
"notes": [
{
"category": "general",
"text": "A UNIX Symbolic Link (Symlink) Following vulnerability in the systemd service file for watchman of openSUSE Backports SLE-15-SP3, Factory allows local attackers to escalate to root. This issue affects: openSUSE Backports SLE-15-SP3 watchman versions prior to 4.9.0. openSUSE Factory watchman versions prior to 4.9.0-9.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-21944",
"url": "https://www.suse.com/security/cve/CVE-2022-21944"
},
{
"category": "external",
"summary": "SUSE Bug 1194470 for CVE-2022-21944",
"url": "https://bugzilla.suse.com/1194470"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:watchman-4.9.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:python3-watchman-1.4.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:watchman-4.9.0-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-01-17T20:11:25Z",
"details": "important"
}
],
"title": "CVE-2022-21944"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…