SUSE-SU-2023:0871-1
Vulnerability Summary
Timeline
Description
Security update for container-suseconnect This update of container-suseconnect fixes the following issue: - container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7. - CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270). - CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271). - CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272). - CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030). - CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).
Affected Systems
- suse•container-suseconnect&distro=SUSE Enterprise Storage 7
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Enterprise Storage 7.1
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Module for Containers 15 SP4
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server 15 SP1-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP1
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 2.4.0-150000.4.24.1
- suse•container-suseconnect&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3
< 2.4.0-150000.4.24.1
References (12)
- https://www.suse.com/support/update/announcement/2023/suse-su-20230871-1/
- https://bugzilla.suse.com/1200441
- https://bugzilla.suse.com/1206134
- https://bugzilla.suse.com/1208270
- https://bugzilla.suse.com/1208271
- https://bugzilla.suse.com/1208272
- https://bugzilla.suse.com/1209030
- https://www.suse.com/security/cve/CVE-2022-41720
- https://www.suse.com/security/cve/CVE-2022-41723
- https://www.suse.com/security/cve/CVE-2022-41724
- https://www.suse.com/security/cve/CVE-2022-41725
- https://www.suse.com/security/cve/CVE-2023-24532