PT-2020-10010 · Suse · Suse Linux Enterprise Server+4

Malte Kraus

Published

2020-01-30

Updated

2024-06-15

CVE-2019-18902

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise Server 12 wicked versions prior to 0.6.60-3.5.1 SUSE Linux Enterprise Server 15 wicked versions prior to 0.6.60-3.21.1 openSUSE Leap 15.1 wicked versions prior to 0.6.60-lp151.2.6.1 openSUSE Factory wicked versions prior to 0.6.62

Description A Use After Free issue in wicked allows remote attackers to cause Denial of Service (DoS) or potentially execute code.

Recommendations For SUSE Linux Enterprise Server 12, update wicked to version 0.6.60-3.5.1 or later. For SUSE Linux Enterprise Server 15, update wicked to version 0.6.60-3.21.1 or later. For openSUSE Leap 15.1, update wicked to version 0.6.60-lp151.2.6.1 or later. For openSUSE Factory, update wicked to version 0.6.62 or later.

Fix

DoS

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

CVE-2019-18902

OPENSUSE-SU-2020:0165-1

OPENSUSE-SU-2020_0165-1

OPENSUSE-SU-2024:11511-1

SUSE-SU-2020:0263-1

SUSE-SU-2020:0264-1

SUSE-SU-2020:0351-1

SUSE-SU-2020:0358-1

SUSE-SU-2020:0369-1

SUSE-SU-2020:0410-1

SUSE-SU-2020_0263-1

SUSE-SU-2020_0264-1

SUSE-SU-2020_0351-1

SUSE-SU-2020_0358-1

SUSE-SU-2020_0369-1

SUSE-SU-2020_0410-1

Affected Products

Suse Linux Enterprise Server

Suse

Opensuse Factory

Opensuse Leap

Wicked

PT-2020-10010 · Suse · Suse Linux Enterprise Server+4

CVE-2019-18902

Weakness Enumeration

Related Identifiers

Affected Products

References · 25