Main Vulnerability Database SB2024041150

SB2024041150 - SUSE update for Recommended update for libzypp, zypper, PackageKit

Published: April 11, 2024

Security Bulletin ID SB2024041150

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Partial DoS

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Use-after-free (CVE-ID: CVE-2024-0217)

CWE-ID: CWE-416 - Use After Free

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in pk-transaction.c. A local user can trigger a use-after-free error and crash the application.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-ru-20241202-1/

Vulnerable Software

SUSE Linux Enterprise High Performance Computing 15: SP2, SP3
SUSE Linux Enterprise Server 15: SP2, SP3
SUSE Linux Enterprise Server for SAP Applications 15: SP2, SP3
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise Micro: 5.1, 5.2
SUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Enterprise Storage: 7.1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
openSUSE Leap: 15.3
libyui-rest-api-debugsource: before 0.3.0-150200.3.2.2, 4.1.5-150300.3.10.5
libyui-rest-api-devel: before 0.3.0-150200.3.2.2, 4.1.5-150300.3.10.5
libyui-rest-api11-debuginfo: before 0.3.0-150200.3.2.2
libyui-rest-api11: before 0.3.0-150200.3.2.2
PackageKit-devel: before 1.1.13-150200.4.30.4
libpackagekit-glib2-18-debuginfo: before 1.1.13-150200.4.30.4
libpackagekit-glib2-devel: before 1.1.13-150200.4.30.4
PackageKit-debugsource: before 1.1.13-150200.4.30.4
libpackagekit-glib2-18: before 1.1.13-150200.4.30.4
PackageKit-debuginfo: before 1.1.13-150200.4.30.4
PackageKit-lang: before 1.1.13-150200.4.30.4
typelib-1_0-PackageKitGlib-1_0: before 1.1.13-150200.4.30.4
PackageKit-backend-zypp-debuginfo: before 1.1.13-150200.4.30.4
PackageKit-devel-debuginfo: before 1.1.13-150200.4.30.4
PackageKit: before 1.1.13-150200.4.30.4
PackageKit-backend-zypp: before 1.1.13-150200.4.30.4
zypper-log: before 1.14.69-150200.73.7
zypper-debugsource: before 1.14.69-150200.73.7
zypper-debuginfo: before 1.14.69-150200.73.7
zypper: before 1.14.69-150200.73.7
zypper-needs-restarting: before 1.14.69-150200.73.7
libyui-qt-pkg11-debuginfo: before 2.47.5-150200.3.4.4
libyui-qt-pkg-debugsource: before 2.47.5-150200.3.4.4, 4.1.5-150300.3.10.17
libyui-qt-pkg-devel: before 2.47.5-150200.3.4.4, 4.1.5-150300.3.10.17
libyui-qt-pkg11: before 2.47.5-150200.3.4.4
libyui-ncurses-pkg11-debuginfo: before 2.50.8-150200.3.5.5
libyui-ncurses-pkg11: before 2.50.8-150200.3.5.5
libyui-ncurses-pkg-devel: before 2.50.8-150200.3.5.5, 4.1.5-150300.3.10.19
libyui-ncurses-pkg-debugsource: before 2.50.8-150200.3.5.5, 4.1.5-150300.3.10.19
libyui11: before 3.9.3-150200.3.2.6
libyui11-debuginfo: before 3.9.3-150200.3.2.6
libyui-debugsource: before 3.9.3-150200.3.2.6, 4.1.5-150300.3.10.5
libyui-devel: before 3.9.3-150200.3.2.6, 4.1.5-150300.3.10.5
libyui-qt-graph15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-rest-api-devel: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api-devel: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api-debugsource: before 4.1.5-150300.3.10.5
libyui-qt15: before 4.1.5-150300.3.10.5
libyui-qt-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-devel: before 4.1.5-150300.3.10.5
libyui-ncurses-devel: before 4.1.5-150300.3.10.5
libyui-qt-debugsource: before 4.1.5-150300.3.10.5
libyui-rest-api15: before 4.1.5-150300.3.10.5
libyui-ncurses-tools: before 4.1.5-150300.3.10.5
python3-yui: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api15: before 4.1.5-150300.3.10.5
libyui-qt-rest-api15: before 4.1.5-150300.3.10.5
libyui-bindings-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-rest-api-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-graph15: before 4.1.5-150300.3.10.5
libyui-ncurses15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-graph-devel: before 4.1.5-150300.3.10.5
perl-yui-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-graph-debugsource: before 4.1.5-150300.3.10.5
ruby-yui: before 4.1.5-150300.3.10.5
libyui-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
python3-yui-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses15: before 4.1.5-150300.3.10.5
ruby-yui-debuginfo: before 4.1.5-150300.3.10.5
perl-yui: before 4.1.5-150300.3.10.5
libyui15: before 4.1.5-150300.3.10.5
libyui-ncurses-debugsource: before 4.1.5-150300.3.10.5
libyui-qt15-debuginfo: before 4.1.5-150300.3.10.5
libyui15-debuginfo: before 4.1.5-150300.3.10.5
libyui-bindings-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-pkg15: before 4.1.5-150300.3.10.17
libyui-qt-pkg15-debuginfo: before 4.1.5-150300.3.10.17
libyui-ncurses-pkg15-debuginfo: before 4.1.5-150300.3.10.19
libyui-ncurses-pkg15: before 4.1.5-150300.3.10.19
yast2-pkg-bindings-debuginfo: before 4.2.17-150200.3.24.6, 4.3.13-150300.3.8.21
yast2-pkg-bindings: before 4.2.17-150200.3.24.6, 4.3.13-150300.3.8.21
yast2-pkg-bindings-debugsource: before 4.2.17-150200.3.24.6, 4.3.13-150300.3.8.21
PackageKit-branding-SLE: before 12.0-150200.9.2.2
libzypp: before 17.32.2-150200.92.3
libzypp-debuginfo: before 17.32.2-150200.92.3
libzypp-devel: before 17.32.2-150200.92.3
libzypp-debugsource: before 17.32.2-150200.92.3

SB2024041150 - SUSE update for Recommended update for libzypp, zypper, PackageKit

Breakdown by Severity

Description

Remediation

References

Please verify you're human