Oval Definition:oval:org.opensuse.security:def:69680
Revision Date:2021-06-23Version:1
Title:Security update for cryptctl (Important)
Description:

This update for cryptctl fixes the following issues:

Update to version 2.4:

- CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
Family:unixClass:patch
Status:Reference(s):1158108
1158109
1186226
CVE-2013-1996
CVE-2019-14861
CVE-2019-14870
CVE-2019-18906
SUSE-SU-2019:3319-1
SUSE-SU-2021:2136-1
Platform(s):SUSE Enterprise Storage 6
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-BCL
Product(s):
Definition Synopsis
  • SUSE Enterprise Storage 6 is installed
  • AND Package Information
  • samba-4.9.5+git.224.86a8e66adea-3.18 is installed
  • OR samba-ceph-4.9.5+git.224.86a8e66adea-3.18 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libFS-devel-1.0.7-1 is installed
  • OR libFS6-1.0.7-1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-BCL is installed
  • AND cryptctl-2.4-4.5.1 is installed
    • BACK