Oval Definition:oval:org.opensuse.security:def:69879
Revision Date:2021-06-23Version:1
Title:Security update for cryptctl (Important)
Description:

This update for cryptctl fixes the following issues:

Update to version 2.4:

- CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
Family:unixClass:patch
Status:Reference(s):1186226
CVE-2012-6708
CVE-2015-9251
CVE-2017-17742
CVE-2018-1000073
CVE-2018-1000074
CVE-2018-1000075
CVE-2018-1000076
CVE-2018-1000077
CVE-2018-1000078
CVE-2018-1000079
CVE-2018-12207
CVE-2018-16395
CVE-2018-16396
CVE-2018-6914
CVE-2018-8777
CVE-2018-8778
CVE-2018-8779
CVE-2018-8780
CVE-2019-11135
CVE-2019-15845
CVE-2019-16201
CVE-2019-16254
CVE-2019-16255
CVE-2019-18906
CVE-2019-8320
CVE-2019-8321
CVE-2019-8322
CVE-2019-8323
CVE-2019-8324
CVE-2019-8325
CVE-2020-10663
CVE-2020-10933
CVE-2020-8130
SUSE-SU-2021:2136-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Server 15 SP1-LTSS
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • libruby2_5-2_5-2.5.8-4.11 is installed
  • OR ruby2.5-2.5.8-4.11 is installed
  • OR ruby2.5-devel-2.5.8-4.11 is installed
  • OR ruby2.5-devel-extra-2.5.8-4.11 is installed
  • OR ruby2.5-stdlib-2.5.8-4.11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15 SP1-LTSS is installed
  • AND cryptctl-2.4-4.5.1 is installed
    • BACK