SUSE-SU-2020:0263-1

Details

This update for wicked fixes the following issues:

CVE-2019-18902: Fixed a use-after-free when receiving invalid DHCP6 client options (bsc#1160903).
CVE-2020-7216: Fixed a potential denial of service via a memory leak when processing packets with missing message type option in DHCP4 (bsc#1160905).

Affected Packages

wicked

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

0.6.60-3.21.1

wicked-service

SUSE Linux Enterprise High Performance Computing 15-ESPOSSUSE Linux Enterprise High Performance Computing 15-LTSSSUSE Linux Enterprise Module for Basesystem 15SUSE Linux Enterprise Server 15-LTSSSUSE Linux Enterprise Server for SAP Applications 15

Fixed in:

0.6.60-3.21.1

References

REPORT

https://bugzilla.suse.com/1160903

REPORT

https://bugzilla.suse.com/1160905

WEB

https://www.suse.com/security/cve/CVE-2019-18902

WEB

https://www.suse.com/security/cve/CVE-2020-7216

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20200263-1/