Oval Definition:oval:org.opensuse.security:def:70430
Revision Date:2021-06-23Version:1
Title:Security update for cryptctl (Important)
Description:

This update for cryptctl fixes the following issues:

Update to version 2.4:

- CVE-2019-18906: Client side password hashing was equivalent to clear text password storage (bsc#1186226) - First step to use plain text password instead of hashed password. - Move repository into the SUSE github organization - in RPC server, if client comes from localhost, remember its ipv4 localhost address instead of ipv6 address - tell a record to clear expired pending commands upon saving a command result; introduce pending commands RPC test case - avoid hard coding 127.0.0.1 in host ID of alive message test; let system administrator mount and unmount disks by issuing these two commands on key server.
Family:unixClass:patch
Status:Reference(s):1171863
1171864
1171866
1172348
1178512
1186226
CVE-2019-18906
CVE-2020-10543
CVE-2020-10878
CVE-2020-12723
CVE-2020-28196
SUSE-SU-2020:3377-1
SUSE-SU-2021:2136-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • krb5-1.16.3-3.15 is installed
  • OR krb5-32bit-1.16.3-3.15 is installed
  • OR krb5-client-1.16.3-3.15 is installed
  • OR krb5-devel-1.16.3-3.15 is installed
  • OR krb5-plugin-preauth-otp-1.16.3-3.15 is installed
  • OR krb5-plugin-preauth-pkinit-1.16.3-3.15 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed
  • AND Package Information
  • perl-5.26.1-7.12 is installed
  • OR perl-32bit-5.26.1-7.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1 is installed
  • AND cryptctl-2.4-4.5.1 is installed
    • BACK