suse-su-2022:3896-1
Vulnerability from csaf_suse
Published
2022-11-08 09:17
Modified
2022-11-08 09:17
Summary
Security update for conmon
Notes
Title of the patch
Security update for conmon
Description of the patch
This update for conmon fixes the following issues:
conmon was updated to 2.1.3:
* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max
Update to version 2.1.2:
* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level
Update to version 2.1.0
* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Call g_free instead of free.
Update to version 2.0.32
* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command
Update to version 2.0.31
* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup
Update to version 2.0.30:
* Remove unreachable code path
* exit: report if the exit command was killed
* exit: fix race zombie reaper
* conn_sock: allow watchdog messages through the notify socket proxy
* seccomp: add support for seccomp notify
Update to version 2.0.29:
* Reset OOM score back to 0 for container runtime
* call functions registered with atexit on SIGTERM
* conn_sock: fix potential segfault
Update to version 2.0.27:
* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary
Update to version 2.0.26:
* conn_sock: do not fail on EAGAIN
* fix segfault from a double freed pointer
* Fix a bug where conmon could never spawn a container, because
a disagreement between the caller and itself on where the attach
socket was.
* improve --full-attach to ignore the socket-dir directly. that
means callers don't need to specify a socket dir at all (and
can remove it)
* add full-attach option to allow callers to not truncate a very
long path for the attach socket
* close only opened FDs
* set locale to inherit environment
Update to version 2.0.22:
* added man page
* attach: always chdir
* conn_sock: Explicitly free a heap-allocated string
* refactor I/O and add SD_NOTIFY proxy support
Update to version 2.0.21:
* protect against kill(-1)
* Makefile: enable debuginfo generation
* Remove go.sum file and add go.mod
* Fail if conmon config could not be written
* nix: remove double definition for e2fsprogs
* Speedup static build by utilizing CI cache on `/nix` folder
* Fix nix build for failing e2fsprogs tests
* test: fix CI
* Use Podman for building
Patchnames
SUSE-2022-3896,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3896,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3896,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3896,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3896,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3896,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3896,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3896,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3896,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3896,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3896,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3896,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3896,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3896,SUSE-Storage-6-2022-3896,SUSE-Storage-7-2022-3896
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for conmon",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for conmon fixes the following issues:\n\nconmon was updated to 2.1.3:\n\n* Stop using g_unix_signal_add() to avoid threads\n* Rename CLI optionlog-size-global-max to log-global-size-max \n\nUpdate to version 2.1.2:\n\n* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)\n* journald: print tag and name if both are specified\n* drop some logs to debug level\n\nUpdate to version 2.1.0\n\n* logging: buffer partial messages to journald\n* exit: close all fds \u003e= 3\n* fix: cgroup: Free memory_cgroup_file_path if open fails.\n Call g_free instead of free.\n\nUpdate to version 2.0.32\n\n* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.\n* exit_command: Fix: unset subreaper attribute before running exit command\n\nUpdate to version 2.0.31\n \n* logging: new mode -l passthrough\n* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald\n* conmon: Fix: free userdata files before exec cleanup\n\nUpdate to version 2.0.30:\n\n* Remove unreachable code path\n* exit: report if the exit command was killed\n* exit: fix race zombie reaper\n* conn_sock: allow watchdog messages through the notify socket proxy\n* seccomp: add support for seccomp notify\n\nUpdate to version 2.0.29:\n\n* Reset OOM score back to 0 for container runtime\n* call functions registered with atexit on SIGTERM\n* conn_sock: fix potential segfault\n\nUpdate to version 2.0.27:\n\n* Add CRI-O integration test GitHub action\n* exec: don\u0027t fail on EBADFD\n* close_fds: fix close of external fds\n* Add arm64 static build binary\n\nUpdate to version 2.0.26:\n\n* conn_sock: do not fail on EAGAIN\n* fix segfault from a double freed pointer\n* Fix a bug where conmon could never spawn a container, because\n a disagreement between the caller and itself on where the attach\n socket was.\n* improve --full-attach to ignore the socket-dir directly. that\n means callers don\u0027t need to specify a socket dir at all (and\n can remove it)\n* add full-attach option to allow callers to not truncate a very\n long path for the attach socket\n* close only opened FDs\n* set locale to inherit environment\n\nUpdate to version 2.0.22:\n\n* added man page\n* attach: always chdir\n* conn_sock: Explicitly free a heap-allocated string\n* refactor I/O and add SD_NOTIFY proxy support\n\nUpdate to version 2.0.21:\n\n* protect against kill(-1)\n* Makefile: enable debuginfo generation\n* Remove go.sum file and add go.mod\n* Fail if conmon config could not be written\n* nix: remove double definition for e2fsprogs\n* Speedup static build by utilizing CI cache on `/nix` folder\n* Fix nix build for failing e2fsprogs tests\n* test: fix CI\n* Use Podman for building\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-3896,SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-3896,SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-3896,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-3896,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-3896,SUSE-SLE-Product-SLES-15-SP1-BCL-2022-3896,SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-3896,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-3896,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-3896,SUSE-SLE-Product-SLES_SAP-15-SP1-2022-3896,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-3896,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-3896,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-3896,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-3896,SUSE-Storage-6-2022-3896,SUSE-Storage-7-2022-3896",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3896-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:3896-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20223896-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:3896-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-November/012837.html"
},
{
"category": "self",
"summary": "SUSE Bug 1200285",
"url": "https://bugzilla.suse.com/1200285"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-1708 page",
"url": "https://www.suse.com/security/cve/CVE-2022-1708/"
}
],
"title": "Security update for conmon",
"tracking": {
"current_release_date": "2022-11-08T09:17:04Z",
"generator": {
"date": "2022-11-08T09:17:04Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:3896-1",
"initial_release_date": "2022-11-08T09:17:04Z",
"revision_history": [
{
"date": "2022-11-08T09:17:04Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "conmon-2.1.3-150100.3.9.1.aarch64",
"product": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64",
"product_id": "conmon-2.1.3-150100.3.9.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2.1.3-150100.3.9.1.i586",
"product": {
"name": "conmon-2.1.3-150100.3.9.1.i586",
"product_id": "conmon-2.1.3-150100.3.9.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2.1.3-150100.3.9.1.ppc64le",
"product": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le",
"product_id": "conmon-2.1.3-150100.3.9.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2.1.3-150100.3.9.1.s390x",
"product": {
"name": "conmon-2.1.3-150100.3.9.1.s390x",
"product_id": "conmon-2.1.3-150100.3.9.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "conmon-2.1.3-150100.3.9.1.x86_64",
"product": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64",
"product_id": "conmon-2.1.3-150100.3.9.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_bcl:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.1",
"product": {
"name": "SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.1",
"product": {
"name": "SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.1",
"product": {
"name": "SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 6",
"product": {
"name": "SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:6"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7",
"product": {
"name": "SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP1-BCL:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.s390x"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP1-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP1-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 15 SP2-BCL:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.s390x as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.s390x"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server 15 SP2-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP2-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.ppc64le"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.ppc64le"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP2",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Manager Proxy 4.1",
"product_id": "SUSE Manager Proxy 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Manager Retail Branch Server 4.1",
"product_id": "SUSE Manager Retail Branch Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.ppc64le as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.ppc64le"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.s390x as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.s390x"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Manager Server 4.1",
"product_id": "SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Enterprise Storage 6",
"product_id": "SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.aarch64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.aarch64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "conmon-2.1.3-150100.3.9.1.x86_64 as component of SUSE Enterprise Storage 7",
"product_id": "SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.x86_64"
},
"product_reference": "conmon-2.1.3-150100.3.9.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 7"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-1708",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-1708"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-1708",
"url": "https://www.suse.com/security/cve/CVE-2022-1708"
},
{
"category": "external",
"summary": "SUSE Bug 1200285 for CVE-2022-1708",
"url": "https://bugzilla.suse.com/1200285"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 6:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Enterprise Storage 7:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP1-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-BCL:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.aarch64",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Linux Enterprise Server 15 SP2-LTSS:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15 SP2:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Proxy 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Retail Branch Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.ppc64le",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.s390x",
"SUSE Manager Server 4.1:conmon-2.1.3-150100.3.9.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-11-08T09:17:04Z",
"details": "moderate"
}
],
"title": "CVE-2022-1708"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…