Main Vulnerability Database SB2024041150

SB2024041150 - SUSE update for Recommended update for libzypp, zypper, PackageKit

Published: April 11, 2024

Security Bulletin ID SB2024041150

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2024-0217)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error in pk-transaction.c. A local user can trigger a use-after-free error and crash the application.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2024/suse-ru-20241202-1/

Vulnerable Software

SUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Server for SAP Applications 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP3 LTSS: 15-SP3
SUSE Linux Enterprise Server 15: SP2 - SP3
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing LTSS 15: SP3
SUSE Linux Enterprise High Performance Computing 15: SP2 - SP3
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Enterprise Storage: 7.1
SUSE Linux Enterprise Micro: 5.1 - 5.2
openSUSE Leap: 15.3
zypper-log: before 1.14.69-150200.73.7
PackageKit-branding-SLE: before 12.0-150200.9.2.2
PackageKit-lang: before 1.1.13-150200.4.30.4
zypper-needs-restarting: before 1.14.69-150200.73.7
libzypp-devel: before 17.32.2-150200.92.3
zypper: before 1.14.69-150200.73.7
libzypp-debuginfo: before 17.32.2-150200.92.3
libpackagekit-glib2-18-debuginfo: before 1.1.13-150200.4.30.4
libyui11-debuginfo: before 3.9.3-150200.3.2.6
PackageKit-debugsource: before 1.1.13-150200.4.30.4
libyui-rest-api11: before 0.3.0-150200.3.2.2
PackageKit-debuginfo: before 1.1.13-150200.4.30.4
zypper-debuginfo: before 1.14.69-150200.73.7
typelib-1_0-PackageKitGlib-1_0: before 1.1.13-150200.4.30.4
zypper-debugsource: before 1.14.69-150200.73.7
libyui-qt-pkg11-debuginfo: before 2.47.5-150200.3.4.4
PackageKit-backend-zypp: before 1.1.13-150200.4.30.4
PackageKit: before 1.1.13-150200.4.30.4
libzypp-debugsource: before 17.32.2-150200.92.3
PackageKit-devel-debuginfo: before 1.1.13-150200.4.30.4
PackageKit-backend-zypp-debuginfo: before 1.1.13-150200.4.30.4
libyui-rest-api11-debuginfo: before 0.3.0-150200.3.2.2
libpackagekit-glib2-devel: before 1.1.13-150200.4.30.4
PackageKit-devel: before 1.1.13-150200.4.30.4
libyui11: before 3.9.3-150200.3.2.6
libyui-ncurses-pkg11-debuginfo: before 2.50.8-150200.3.5.5
libpackagekit-glib2-18: before 1.1.13-150200.4.30.4
libyui-qt-pkg11: before 2.47.5-150200.3.4.4
libyui-ncurses-pkg11: before 2.50.8-150200.3.5.5
libzypp: before 17.32.2-150200.92.3
libyui-ncurses-pkg-devel: before 2.50.8-150200.3.5.5
libyui-qt-debugsource: before 4.1.5-150300.3.10.5
libyui-ncurses-devel: before 4.1.5-150300.3.10.5
libyui-ncurses-pkg15: before 4.1.5-150300.3.10.19
libyui-ncurses-pkg15-debuginfo: before 4.1.5-150300.3.10.19
libyui-qt-devel: before 4.1.5-150300.3.10.5
yast2-pkg-bindings-debuginfo: before 4.2.17-150200.3.24.6
libyui-qt15: before 4.1.5-150300.3.10.5
libyui-qt-pkg15-debuginfo: before 4.1.5-150300.3.10.17
libyui-qt-pkg-debugsource: before 2.47.5-150200.3.4.4
libyui-ncurses-rest-api-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-rest-api-devel: before 4.1.5-150300.3.10.5
libyui-qt-graph15-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api15: before 4.1.5-150300.3.10.5
perl-yui: before 4.1.5-150300.3.10.5
yast2-pkg-bindings-debugsource: before 4.2.17-150200.3.24.6
libyui15: before 4.1.5-150300.3.10.5
libyui-devel: before 3.9.3-150200.3.2.6
libyui-rest-api-debugsource: before 0.3.0-150200.3.2.2
libyui-qt15-debuginfo: before 4.1.5-150300.3.10.5
libyui15-debuginfo: before 4.1.5-150300.3.10.5
libyui-bindings-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-pkg-devel: before 2.47.5-150200.3.4.4
libyui-ncurses-debugsource: before 4.1.5-150300.3.10.5
libyui-ncurses-tools: before 4.1.5-150300.3.10.5
libyui-ncurses-pkg-debugsource: before 2.50.8-150200.3.5.5
python3-yui: before 4.1.5-150300.3.10.5
libyui-ncurses15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-rest-api15: before 4.1.5-150300.3.10.5
libyui-bindings-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-rest-api-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-graph15: before 4.1.5-150300.3.10.5
yast2-pkg-bindings: before 4.2.17-150200.3.24.6
libyui-debugsource: before 3.9.3-150200.3.2.6
libyui-rest-api-devel: before 0.3.0-150200.3.2.2
libyui-rest-api15: before 4.1.5-150300.3.10.5
libyui-qt-graph-devel: before 4.1.5-150300.3.10.5
perl-yui-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
libyui-qt-graph-debugsource: before 4.1.5-150300.3.10.5
libyui-qt-pkg15: before 4.1.5-150300.3.10.17
ruby-yui: before 4.1.5-150300.3.10.5
libyui-rest-api15-debuginfo: before 4.1.5-150300.3.10.5
python3-yui-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses15: before 4.1.5-150300.3.10.5
ruby-yui-debuginfo: before 4.1.5-150300.3.10.5
libyui-ncurses-rest-api-devel: before 4.1.5-150300.3.10.5

SB2024041150 - SUSE update for Recommended update for libzypp, zypper, PackageKit

Breakdown by Severity

Description

Remediation

References

Please verify you're human