suse-su-2023:3822-1
Vulnerability from csaf_suse
Published
2023-09-27 16:40
Modified
2023-09-27 16:40
Summary
Security update for supportutils
Notes
Title of the patch
Security update for supportutils
Description of the patch
This update for supportutils fixes the following issues:
Security fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other Fixes:
- Changes in version 3.1.26
+ powerpc plugin to collect the slots and active memory (bsc#1210950)
+ A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
+ supportconfig: collect BPF information (pr#154)
+ Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
+ Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
+ powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
+ powerpc: collect invscout logs (pr#150)
+ powerpc: collect RMC status logs (pr#151)
+ Added missing nvme nbft commands (bsc#1211599)
+ Fixed invalid nvme commands (bsc#1211598)
+ Added missing podman information (PED-1703, bsc#1181477)
+ Removed dependency on sysfstools
+ Check for systool use (bsc#1210015)
+ Added selinux checking (bsc#1209979)
+ Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces
that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
+ Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
+ Added plymouth_info
- Changes to getappcore version 1.53.02
+ The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)
Patchnames
SUSE-2023-3822,SUSE-SLE-Micro-5.3-2023-3822,SUSE-SLE-Micro-5.4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP5-2023-3822,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3822,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3822,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3822,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3822,SUSE-SUSE-MicroOS-5.1-2023-3822,SUSE-SUSE-MicroOS-5.2-2023-3822,SUSE-Storage-7.1-2023-3822,openSUSE-SLE-15.4-2023-3822,openSUSE-SLE-15.5-2023-3822
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for supportutils",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for supportutils fixes the following issues:\n\nSecurity fixes:\n\n- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).\n\nOther Fixes:\n\n- Changes in version 3.1.26\n + powerpc plugin to collect the slots and active memory (bsc#1210950)\n + A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154\n + supportconfig: collect BPF information (pr#154)\n + Added additional iscsi information (pr#155)\n\n- Added run time detection (bsc#1213127)\n\n- Changes for supportutils version 3.1.25\n + Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)\n + powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)\n + powerpc: collect invscout logs (pr#150)\n + powerpc: collect RMC status logs (pr#151)\n + Added missing nvme nbft commands (bsc#1211599)\n + Fixed invalid nvme commands (bsc#1211598)\n + Added missing podman information (PED-1703, bsc#1181477)\n + Removed dependency on sysfstools\n + Check for systool use (bsc#1210015)\n + Added selinux checking (bsc#1209979)\n + Updated SLES_VER matrix\n\n- Fixed missing status detail for apparmor (bsc#1196933)\n- Corrected invalid argument list in docker.txt (bsc#1206608)\n- Applies limit equally to sar data and text files (bsc#1207543)\n- Collects hwinfo hardware logs (bsc#1208928)\n- Collects lparnumascore logs (issue#148)\n\n- Add dependency to `numactl` on ppc64le and `s390x`, this enforces\n that `numactl --hardware` data is provided in supportconfigs\n\n- Changes to supportconfig.rc version 3.1.11-35\n + Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)\n\n- Changes to supportconfig version 3.1.11-46.4\n + Added plymouth_info \n\n- Changes to getappcore version 1.53.02\n + The location of chkbin was updated earlier. This documents that\n change (bsc#1205533, bsc#1204942)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-3822,SUSE-SLE-Micro-5.3-2023-3822,SUSE-SLE-Micro-5.4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP4-2023-3822,SUSE-SLE-Module-Basesystem-15-SP5-2023-3822,SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3822,SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3822,SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3822,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-3822,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3822,SUSE-SUSE-MicroOS-5.1-2023-3822,SUSE-SUSE-MicroOS-5.2-2023-3822,SUSE-Storage-7.1-2023-3822,openSUSE-SLE-15.4-2023-3822,openSUSE-SLE-15.5-2023-3822",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3822-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:3822-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233822-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:3822-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2023-September/031743.html"
},
{
"category": "self",
"summary": "SUSE Bug 1181477",
"url": "https://bugzilla.suse.com/1181477"
},
{
"category": "self",
"summary": "SUSE Bug 1196933",
"url": "https://bugzilla.suse.com/1196933"
},
{
"category": "self",
"summary": "SUSE Bug 1204942",
"url": "https://bugzilla.suse.com/1204942"
},
{
"category": "self",
"summary": "SUSE Bug 1205533",
"url": "https://bugzilla.suse.com/1205533"
},
{
"category": "self",
"summary": "SUSE Bug 1206402",
"url": "https://bugzilla.suse.com/1206402"
},
{
"category": "self",
"summary": "SUSE Bug 1206608",
"url": "https://bugzilla.suse.com/1206608"
},
{
"category": "self",
"summary": "SUSE Bug 1207543",
"url": "https://bugzilla.suse.com/1207543"
},
{
"category": "self",
"summary": "SUSE Bug 1207598",
"url": "https://bugzilla.suse.com/1207598"
},
{
"category": "self",
"summary": "SUSE Bug 1208928",
"url": "https://bugzilla.suse.com/1208928"
},
{
"category": "self",
"summary": "SUSE Bug 1209979",
"url": "https://bugzilla.suse.com/1209979"
},
{
"category": "self",
"summary": "SUSE Bug 1210015",
"url": "https://bugzilla.suse.com/1210015"
},
{
"category": "self",
"summary": "SUSE Bug 1210950",
"url": "https://bugzilla.suse.com/1210950"
},
{
"category": "self",
"summary": "SUSE Bug 1211598",
"url": "https://bugzilla.suse.com/1211598"
},
{
"category": "self",
"summary": "SUSE Bug 1211599",
"url": "https://bugzilla.suse.com/1211599"
},
{
"category": "self",
"summary": "SUSE Bug 1213127",
"url": "https://bugzilla.suse.com/1213127"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-45154 page",
"url": "https://www.suse.com/security/cve/CVE-2022-45154/"
}
],
"title": "Security update for supportutils",
"tracking": {
"current_release_date": "2023-09-27T16:40:57Z",
"generator": {
"date": "2023-09-27T16:40:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:3822-1",
"initial_release_date": "2023-09-27T16:40:57Z",
"revision_history": [
{
"date": "2023-09-27T16:40:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"product_id": "supportutils-3.1.26-150300.7.35.21.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.3",
"product": {
"name": "SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.4",
"product": {
"name": "SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 7.1",
"product": {
"name": "SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:7.1"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.4",
"product": {
"name": "openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.4"
}
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.5",
"product": {
"name": "openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.3",
"product_id": "SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.4",
"product_id": "SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP4",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Module for Basesystem 15 SP5",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Server 15 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of SUSE Enterprise Storage 7.1",
"product_id": "SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 7.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of openSUSE Leap 15.4",
"product_id": "openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-3.1.26-150300.7.35.21.1.noarch as component of openSUSE Leap 15.5",
"product_id": "openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
},
"product_reference": "supportutils-3.1.26-150300.7.35.21.1.noarch",
"relates_to_product_reference": "openSUSE Leap 15.5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-45154",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-45154"
}
],
"notes": [
{
"category": "general",
"text": "A Cleartext Storage of Sensitive Information vulnerability in suppportutils of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 15, SUSE Linux Enterprise Server 15 SP3 allows attackers that get access to the support logs to gain knowledge of the stored credentials This issue affects: SUSE Linux Enterprise Server 12 supportutils version 3.0.10-95.51.1CWE-312: Cleartext Storage of Sensitive Information and prior versions. SUSE Linux Enterprise Server 15 supportutils version 3.1.21-150000.5.44.1 and prior versions. SUSE Linux Enterprise Server 15 SP3 supportutils version 3.1.21-150300.7.35.15.1 and prior versions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-45154",
"url": "https://www.suse.com/security/cve/CVE-2022-45154"
},
{
"category": "external",
"summary": "SUSE Bug 1207598 for CVE-2022-45154",
"url": "https://bugzilla.suse.com/1207598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Enterprise Storage 7.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.1:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Micro 5.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Module for Basesystem 15 SP5:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server 15 SP3-LTSS:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP3:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Proxy 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"SUSE Manager Server 4.2:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.4:supportutils-3.1.26-150300.7.35.21.1.noarch",
"openSUSE Leap 15.5:supportutils-3.1.26-150300.7.35.21.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-09-27T16:40:57Z",
"details": "moderate"
}
],
"title": "CVE-2022-45154"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…