Google Chrome 多個漏洞

發佈日期: 2022年08月31日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Google Chrome 發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼及繞過保安限制。

---

影響

• 遠端執行程式碼
• 繞過保安限制

---

受影響之系統或技術

• Google Chrome 105.0.5195.52 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

安裝軟件供應商提供的修補程式：

• 更新至 105.0.5195.52 或之後版本

---

漏洞識別碼

• CVE-2022-3038
• CVE-2022-3039
• CVE-2022-3040
• CVE-2022-3041
• CVE-2022-3042
• CVE-2022-3043
• CVE-2022-3044
• CVE-2022-3045
• CVE-2022-3046
• CVE-2022-3047
• CVE-2022-3048
• CVE-2022-3049
• CVE-2022-3050
• CVE-2022-3051
• CVE-2022-3052
• CVE-2022-3053
• CVE-2022-3054
• CVE-2022-3055
• CVE-2022-3056
• CVE-2022-3057
• CVE-2022-3058

---

資料來源

• Google Chrome

---

相關連結

• https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

Google Chrome Multiple Vulnerabilities

Release Date: 31 Aug 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Google Chrome. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Security Restriction Bypass

---

System / Technologies affected

• Google Chrome prior to 105.0.5195.52

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

Apply fixes issued by the vendor:

• Update to version 105.0.5195.52 or later

---

Vulnerability Identifier

• CVE-2022-3038
• CVE-2022-3039
• CVE-2022-3040
• CVE-2022-3041
• CVE-2022-3042
• CVE-2022-3043
• CVE-2022-3044
• CVE-2022-3045
• CVE-2022-3046
• CVE-2022-3047
• CVE-2022-3048
• CVE-2022-3049
• CVE-2022-3050
• CVE-2022-3051
• CVE-2022-3052
• CVE-2022-3053
• CVE-2022-3054
• CVE-2022-3055
• CVE-2022-3056
• CVE-2022-3057
• CVE-2022-3058

---

Source

• Google Chrome

---

Related Link

• https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_30.html

SUSE Linux 內核多個漏洞

發佈日期: 2022年08月29日

風險: 中度風險

類型: 操作系統 - LINUX

於 SUSE Linux 核心發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼及洩露敏感資料。

 

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 資料洩露

---

受影響之系統或技術

• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20222892-1

---

漏洞識別碼

• CVE-2020-36516
• CVE-2020-36557
• CVE-2020-36558
• CVE-2021-33655
• CVE-2021-33656
• CVE-2022-1116
• CVE-2022-1462
• CVE-2022-2318
• CVE-2022-2639
• CVE-2022-20166
• CVE-2022-21505
• CVE-2022-26365
• CVE-2022-29581
• CVE-2022-33740
• CVE-2022-33741
• CVE-2022-33742
• CVE-2022-36946

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.4219
• https://www.suse.com/support/update/announcement/2022/suse-su-20222892-1

SUSE Linux Kernel Multiple Vulnerabilities

Release Date: 29 Aug 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

 

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

---

System / Technologies affected

• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20222892-1

---

Vulnerability Identifier

• CVE-2020-36516
• CVE-2020-36557
• CVE-2020-36558
• CVE-2021-33655
• CVE-2021-33656
• CVE-2022-1116
• CVE-2022-1462
• CVE-2022-2318
• CVE-2022-2639
• CVE-2022-20166
• CVE-2022-21505
• CVE-2022-26365
• CVE-2022-29581
• CVE-2022-33740
• CVE-2022-33741
• CVE-2022-33742
• CVE-2022-36946

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.4219
• https://www.suse.com/support/update/announcement/2022/suse-su-20222892-1

思科產品多個漏洞

發佈日期: 2022年08月26日

風險: 中度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在思科產品發現多個漏洞，遠端攻擊者可利用這些漏洞在目標系統觸發阻斷服務、權限提升及遠端執行程式碼。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼

---

受影響之系統或技術

詳情請參閱以下連結﹕

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu

---

漏洞識別碼

• CVE-2022-20823
• CVE-2022-20824
• CVE-2022-20865
• CVE-2022-20921

---

資料來源

• Cisco
• AusCERT

---

相關連結

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu
• https://www.auscert.org.au/bulletins/ESB-2022.4194
• https://www.auscert.org.au/bulletins/ESB-2022.4195
• https://www.auscert.org.au/bulletins/ESB-2022.4196
• https://www.auscert.org.au/bulletins/ESB-2022.4197

Cisco Products Multiple Vulnerabilities

Release Date: 26 Aug 2022

RISK: Medium Risk

TYPE: Security software and application - Security Software & Appliance

Multiple vulnerabilities were identified in Cisco Products. A remote attacker could exploit some of these vulnerabilities to trigger denial of service, elevation of privilege and remote code execution on the targeted system.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution

---

System / Technologies affected

Please refer to the link below for detail:

 

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu

---

Vulnerability Identifier

• CVE-2022-20823
• CVE-2022-20824
• CVE-2022-20865
• CVE-2022-20921

---

Source

• Cisco
• AusCERT

---

Related Link

• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fxos-cmdinj-TxcLNZNH
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-prvesc-BPFp9cZs
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-cdp-dos-ce-wWvPucC9
• https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ospfv3-dos-48qutcu
• https://www.auscert.org.au/bulletins/ESB-2022.4194
• https://www.auscert.org.au/bulletins/ESB-2022.4195
• https://www.auscert.org.au/bulletins/ESB-2022.4196
• https://www.auscert.org.au/bulletins/ESB-2022.4197

VMware Tools 權限提升漏洞

發佈日期: 2022年08月26日

風險: 中度風險

類型: 操作系統 - 網絡操作系統

於 VMware Tools 發現一個漏洞，攻擊者可利用這個漏洞，於目標系統觸發權限提升。

---

影響

• 權限提升

---

受影響之系統或技術

• VMware Tools 10.x
• VMware Tools 11.x
• VMware Tools 12.x

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 安裝供應商提供的修補程式：
  https://www.vmware.com/security/advisories/VMSA-2022-0024.html

---

漏洞識別碼

• CVE-2022-31676

---

資料來源

• VMware
• AusCERT

---

相關連結

• https://www.vmware.com/security/advisories/VMSA-2022-0024.html
• https://www.auscert.org.au/bulletins/ESB-2022.4177

VMware Tools Escalation of Privilege Vulnerability

Release Date: 26 Aug 2022

RISK: Medium Risk

TYPE: Operating Systems - VM Ware

A vulnerability was identified in VMware Tools. An attacker could exploit this vulnerability to trigger elevation of privilege.

---

Impact

• Elevation of Privilege

---

System / Technologies affected

• VMware Tools 10.x
• VMware Tools 11.x
• VMware Tools 12.x

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  https://www.vmware.com/security/advisories/VMSA-2022-0024.html

---

Vulnerability Identifier

• CVE-2022-31676

---

Source

• VMware
• AusCERT

---

Related Link

• https://www.vmware.com/security/advisories/VMSA-2022-0024.html
• https://www.auscert.org.au/bulletins/ESB-2022.4177

GitLab 遠端執行程式碼漏洞

發佈日期: 2022年08月24日

風險: 中度風險

類型: 伺服器 - 其他伺服器

於 GitLab 發現一個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼。

---

影響

• 遠端執行程式碼

---

受影響之系統或技術

• GitLab Community Edition (CE) 15.3.1, 15.2.3 及 15.1.5 以前的版本
• GitLab Enterprise Edition (EE) 15.3.1, 15.2.3 及 15.1.5 以前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

• 供應商已提供更新
  https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/

---

漏洞識別碼

• CVE-2022-2884

---

資料來源

• AusCERT
• GitLab

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.4149
• https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/

GitLab Remote Code Execution Vulnerability

Release Date: 24 Aug 2022

RISK: Medium Risk

TYPE: Servers - Other Servers

A vulnerability has been identified in GitLab. A remote attacker can exploit this vulnerability to trigger remote code execution on the targeted system.

---

Impact

• Remote Code Execution

---

System / Technologies affected

• GitLab Community Edition (CE) versions prior to 15.3.1, 15.2.3 and 15.1.5
• GitLab Enterprise Edition (EE) versions prior to 15.3.1, 15.2.3 and 15.1.5

---

Solutions

Before installation of the software, please visit the software vendor web-site for more details.

• The vendor has issued a fix
  https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/

---

Vulnerability Identifier

• CVE-2022-2884

---

Source

• AusCERT
• GitLab

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.4149
• https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/

Mozilla 產品多個漏洞

發佈日期: 2022年08月24日

風險: 中度風險

類型: 用戶端 - 瀏覽器

於 Mozilla 產品發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發遠端執行任意程式碼、資料篡改、跨網站指令碼及繞過保安限制。

---

影響

• 遠端執行程式碼
• 篡改
• 繞過保安限制
• 跨網站指令碼

---

受影響之系統或技術

以下版本之前的版本﹕

 

• Firefox 104
• Firefox ESR 102.2
• Firefox ESR 91.13
• Thunderbird 102.2
• Thunderbird 91.13

---

解決方案

在安裝軟體之前，請先瀏覽供應商之官方網站，以獲得更多詳細資料。

更新至版本:

 

• 更新至 Firefox 104
• 更新至 Firefox ESR 102.2
• 更新至 Firefox ESR 91.13
• 更新至 Thunderbird 102.2
• 更新至 Thunderbird 91.13

---

漏洞識別碼

• CVE-2022-38472
• CVE-2022-38473
• CVE-2022-38474
• CVE-2022-38475
• CVE-2022-38476
• CVE-2022-38477
• CVE-2022-38478

---

資料來源

• Mozilla

---

相關連結

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/

Mozilla Products Multiple Vulnerabilities

Release Date: 24 Aug 2022

RISK: Medium Risk

TYPE: Clients - Browsers

Multiple vulnerabilities were identified in Mozilla Products. A remote attacker could exploit some of these vulnerabilities to trigger remote code execution, data manipulation, cross-site scripting and security restriction bypass on the targeted system.

---

Impact

• Remote Code Execution
• Data Manipulation
• Security Restriction Bypass
• Cross-Site Scripting

---

System / Technologies affected

Versions prior to:

 

• Firefox 104
• Firefox ESR 102.2
• Firefox ESR 91.13
• Thunderbird 102.2
• Thunderbird 91.13

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

Apply fixes issued by the vendor:

 

• Update to Firefox 104
• Update to Firefox ESR 102.2
• Update to Firefox ESR 91.13
• Update to Thunderbird 102.2
• Update to Thunderbird 91.13

---

Vulnerability Identifier

• CVE-2022-38472
• CVE-2022-38473
• CVE-2022-38474
• CVE-2022-38475
• CVE-2022-38476
• CVE-2022-38477
• CVE-2022-38478

---

Source

• Mozilla

---

Related Link

• https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-34/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-35/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-36/
• https://www.mozilla.org/en-US/security/advisories/mfsa2022-37/

Palo Alto PAN-OS 阻斷服務狀況漏洞

最後更新 2022年08月23日 發佈日期: 2022年08月11日

風險: 高度風險

類型: 保安軟件及應用設備 - 保安軟件及應用設備

在 Palo Alto PAN-OS 發現一個漏洞。遠端攻擊者可利用此漏洞，於目標系統觸發阻斷服務狀況。

 

[更新於 2022-08-23]

CVE-2022-0028 漏洞正被廣泛利用。CVE-2022-0028 漏洞可觸發阻斷服務狀況，風險程度相應地由中度風險升級到高度風險。HKCERT呼籲用戶和管理員應到訪受影響系統的保安更新頁面了解詳情，並儘快更新相關系統。

 

注意：

防火牆配置必須有設定 URL 過濾配置文件，URL 過濾配置文件需包含一個或多個被封鎖類別及指定給一個安全規則，並且該安全規則的源區域面向外部網絡，才可能被外部攻擊者濫用。此配置不是 URL 過濾的典型配置，可能是管理員無意中設定錯誤。

---

影響

• 阻斷服務

---

受影響之系統或技術

• PAN-OS 8.1.23-h1 之前的版本
• PAN-OS 9.0.16-h3 之前的版本
• PAN-OS 9.1.14-h4 之前的版本
• PAN-OS 10.0.11-h1 之前的版本
• PAN-OS 10.1.6-h6 之前的版本
• PAN-OS 10.2.2-h2 之前的版本

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

• 安裝供應商提供的修補程式：
  更新到 PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1, PAN-OS 10.1.6-h6, PAN-OS 10.2.2-h2 或所有更高的 PAN-OS 版本
• 詳情請參閱以下連結：
  https://security.paloaltonetworks.com/CVE-2022-0028

---

漏洞識別碼

• CVE-2022-0028

---

資料來源

• Palo Alto
• US-CERT

---

相關連結

• https://security.paloaltonetworks.com/CVE-2022-0028
• https://www.cisa.gov/uscert/ncas/current-activity/2022/08/10/palo-alto-networks-releases-security-update-pan-os
• https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-adds-one-known-exploited-vulnerabilities-catalog

Palo Alto PAN-OS Denial Of Service Vulnerability

Last Update Date: 23 Aug 2022 Release Date: 11 Aug 2022

RISK: High Risk

TYPE: Security software and application - Security Software & Appliance

A vulnerability has been identified in Palo Alto PAN-OS. A remote attacker can exploit this vulnerability to trigger denial of service condition on the targeted system.

 

[Updated on 2022-08-23]

CVE-2022-0028 is being exploited in the wild. Exploitation of CVE-2022-0028 may trigger denial of service condition. The risk level is changed from medium risk to high risk correspondingly. HKCERT urges users and administrators to review the security update pages for the affected products and apply the related updates as soon as possible.

 

Note:

The firewall configuration must have a URL filtering profile with one or more blocked categories assigned to a security rule with a source zone that has an external facing interface for this issue to be misused by an external attacker. This configuration is not typical for URL filtering and is likely unintended by the administrator.

---

Impact

• Denial of Service

---

System / Technologies affected

• PAN-OS 8.1 versions earlier than PAN-OS 8.1.23-h1
• PAN-OS 9.0 versions earlier than PAN-OS 9.0.16-h3
• PAN-OS 9.1 versions earlier than PAN-OS 9.1.14-h4
• PAN-OS 10.0 versions earlier than PAN-OS 10.0.11-h1
• PAN-OS 10.1 versions earlier than PAN-OS 10.1.6-h6
• PAN-OS 10.2 versions earlier than PAN-OS 10.2.2-h2

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

• Apply fixes issued by the vendor:
  Update to PAN-OS 8.1.23-h1, PAN-OS 9.0.16-h3, PAN-OS 9.1.14-h4, PAN-OS 10.0.11-h1, PAN-OS 10.1.6-h6, PAN-OS 10.2.2-h2, and all later PAN-OS versions
• For detail, please refer to the link below:
  https://security.paloaltonetworks.com/CVE-2022-0028

---

Vulnerability Identifier

• CVE-2022-0028

---

Source

• Palo Alto
• US-CERT

---

Related Link

• https://security.paloaltonetworks.com/CVE-2022-0028
• https://www.cisa.gov/uscert/ncas/current-activity/2022/08/10/palo-alto-networks-releases-security-update-pan-os
• https://www.cisa.gov/uscert/ncas/current-activity/2022/08/22/cisa-adds-one-known-exploited-vulnerabilities-catalog

SUSE Linux 內核多個漏洞

最後更新 2022年08月19日 發佈日期: 2022年08月15日

風險: 中度風險

類型: 操作系統 - LINUX

於 SUSE Linux 核心發現多個漏洞。遠端攻擊者可利用這些漏洞，於目標系統觸發阻斷服務狀況、權限提升、遠端執行任意程式碼及洩露敏感資料。

 

[更新於 2022-08-19]

更新受影響之系統或技術，解決方案，漏洞識別碼及相關連結。

---

影響

• 阻斷服務
• 權限提升
• 遠端執行程式碼
• 資料洩露

---

受影響之系統或技術

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE CaaS Platform 4.0
• SUSE Enterprise Storage 6
• SUSE Enterprise Storage 7
• SUSE Linux Enterprise Desktop 12-SP5
• SUSE Linux Enterprise Desktop 15-SP4
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 12-SP5
• SUSE Linux Enterprise High Availability 15
• SUSE Linux Enterprise High Availability 15-SP1
• SUSE Linux Enterprise High Availability 15-SP2
• SUSE Linux Enterprise High Availability 15-SP4
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 12-SP5
• SUSE Linux Enterprise High Performance Computing 15
• SUSE Linux Enterprise High Performance Computing 15-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP1
• SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise High Performance Computing 15-SP4
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Module for Basesystem 15-SP4
• SUSE Linux Enterprise Module for Development Tools 15-SP4
• SUSE Linux Enterprise Module for Legacy Software 15-SP4
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP4
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP4
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP3-BCL
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 15-LTSS
• SUSE Linux Enterprise Server 15-SP1
• SUSE Linux Enterprise Server 15-SP1-BCL
• SUSE Linux Enterprise Server 15-SP1-LTSS
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP2-BCL
• SUSE Linux Enterprise Server 15-SP2-LTSS
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server 15-SP4
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP 15
• SUSE Linux Enterprise Server for SAP 15-SP1
• SUSE Linux Enterprise Server for SAP 15-SP2
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 12-SP5
• SUSE Linux Enterprise Server for SAP Applications 15
• SUSE Linux Enterprise Server for SAP Applications 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Server for SAP Applications 15-SP4
• SUSE Linux Enterprise Software Development Kit 12-SP5
• SUSE Linux Enterprise Storage 6
• SUSE Linux Enterprise Storage 7
• SUSE Linux Enterprise Storage 7.1
• SUSE Linux Enterprise Workstation Extension 12-SP5
• SUSE Linux Enterprise Workstation Extension 15-SP4
• SUSE Manager Proxy 4.0
• SUSE Manager Proxy 4.1
• SUSE Manager Proxy 4.2
• SUSE Manager Proxy 4.3
• SUSE Manager Retail Branch Server 4.0
• SUSE Manager Retail Branch Server 4.1
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Retail Branch Server 4.3
• SUSE Manager Server 4.0
• SUSE Manager Server 4.1
• SUSE Manager Server 4.2
• SUSE Manager Server 4.3
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 9

---

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

 

安裝供應商提供的修補程式：

• https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222827-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222809-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222808-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222803-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222789-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222780-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222779-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222776-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222770-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222766-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222781-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222745-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222762-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222750-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222741-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222738-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222759-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222732-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222726-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222728-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222727-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222723-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222722-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222720-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222719-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222710-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222709-1

---

漏洞識別碼

• CVE-2020-15393
• CVE-2020-36557
• CVE-2020-36558
• CVE-2021-4157
• CVE-2021-26341
• CVE-2021-33655
• CVE-2021-33656
• CVE-2021-39713
• CVE-2022-1116
• CVE-2022-1419
• CVE-2022-1462
• CVE-2022-1679
• CVE-2022-2318
• CVE-2022-2585
• CVE-2022-20132
• CVE-2022-20141
• CVE-2022-20154
• CVE-2022-20166
• CVE-2022-21505
• CVE-2022-26365
• CVE-2022-26373
• CVE-2022-26490
• CVE-2022-28389
• CVE-2022-28390
• CVE-2022-29581
• CVE-2022-29900
• CVE-2022-29901
• CVE-2022-32250
• CVE-2022-33740
• CVE-2022-33741
• CVE-2022-33742
• CVE-2022-33981
• CVE-2022-34918
• CVE-2022-36946

---

資料來源

• AusCERT
• SUSE

---

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.4087
• https://www.auscert.org.au/bulletins/ESB-2022.4040
• https://www.auscert.org.au/bulletins/ESB-2022.4029
• https://www.auscert.org.au/bulletins/ESB-2022.4028
• https://www.auscert.org.au/bulletins/ESB-2022.4027
• https://www.auscert.org.au/bulletins/ESB-2022.4026
• https://www.auscert.org.au/bulletins/ESB-2022.4025
• https://www.auscert.org.au/bulletins/ESB-2022.4030
• https://www.auscert.org.au/bulletins/ESB-2022.4023
• https://www.auscert.org.au/bulletins/ESB-2022.4021
• https://www.auscert.org.au/bulletins/ESB-2022.4018
• https://www.auscert.org.au/bulletins/ESB-2022.4015
• https://www.auscert.org.au/bulletins/ESB-2022.4014
• https://www.auscert.org.au/bulletins/ESB-2022.4013
• https://www.auscert.org.au/bulletins/ESB-2022.4012
• https://www.auscert.org.au/bulletins/ESB-2022.4011
• https://www.auscert.org.au/bulletins/ESB-2022.4010
• https://www.auscert.org.au/bulletins/ESB-2022.4009
• https://www.auscert.org.au/bulletins/ESB-2022.4008
• https://www.auscert.org.au/bulletins/ESB-2022.4007
• https://www.auscert.org.au/bulletins/ESB-2022.4006
• https://www.auscert.org.au/bulletins/ESB-2022.4005
• https://www.auscert.org.au/bulletins/ESB-2022.4004
• https://www.auscert.org.au/bulletins/ESB-2022.4000
• https://www.auscert.org.au/bulletins/ESB-2022.3999
• https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222827-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222809-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222808-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222803-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222789-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222780-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222779-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222776-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222770-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222766-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222781-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222745-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222762-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222750-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222741-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222738-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222759-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222732-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222726-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222728-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222727-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222723-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222722-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222720-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222719-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222710-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222709-1

SUSE Linux Kernel Multiple Vulnerabilities

Last Update Date: 19 Aug 2022 Release Date: 15 Aug 2022

RISK: Medium Risk

TYPE: Operating Systems - Linux

Multiple vulnerabilities were identified in SUSE Linux Kernel. A remote attacker could exploit some of these vulnerabilities to trigger denial of service condition, elevation of privilege, remote code execution and sensitive information disclosure on the targeted system.

 

[Updated on 2022-08-19]

Updated System / Technologies affected, Solutions, Vulnerability Identifier and Related Links.

---

Impact

• Denial of Service
• Elevation of Privilege
• Remote Code Execution
• Information Disclosure

---

System / Technologies affected

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE CaaS Platform 4.0
• SUSE Enterprise Storage 6
• SUSE Enterprise Storage 7
• SUSE Linux Enterprise Desktop 12-SP5
• SUSE Linux Enterprise Desktop 15-SP4
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 12-SP5
• SUSE Linux Enterprise High Availability 15
• SUSE Linux Enterprise High Availability 15-SP1
• SUSE Linux Enterprise High Availability 15-SP2
• SUSE Linux Enterprise High Availability 15-SP4
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 12-SP5
• SUSE Linux Enterprise High Performance Computing 15
• SUSE Linux Enterprise High Performance Computing 15-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP1
• SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise High Performance Computing 15-SP4
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Module for Basesystem 15-SP4
• SUSE Linux Enterprise Module for Development Tools 15-SP4
• SUSE Linux Enterprise Module for Legacy Software 15-SP4
• SUSE Linux Enterprise Module for Live Patching 15
• SUSE Linux Enterprise Module for Live Patching 15-SP1
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP4
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP4
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP3-BCL
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15
• SUSE Linux Enterprise Server 15-LTSS
• SUSE Linux Enterprise Server 15-SP1
• SUSE Linux Enterprise Server 15-SP1-BCL
• SUSE Linux Enterprise Server 15-SP1-LTSS
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP2-BCL
• SUSE Linux Enterprise Server 15-SP2-LTSS
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server 15-SP4
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP 15
• SUSE Linux Enterprise Server for SAP 15-SP1
• SUSE Linux Enterprise Server for SAP 15-SP2
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 12-SP5
• SUSE Linux Enterprise Server for SAP Applications 15
• SUSE Linux Enterprise Server for SAP Applications 15-SP1
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Server for SAP Applications 15-SP4
• SUSE Linux Enterprise Software Development Kit 12-SP5
• SUSE Linux Enterprise Storage 6
• SUSE Linux Enterprise Storage 7
• SUSE Linux Enterprise Storage 7.1
• SUSE Linux Enterprise Workstation Extension 12-SP5
• SUSE Linux Enterprise Workstation Extension 15-SP4
• SUSE Manager Proxy 4.0
• SUSE Manager Proxy 4.1
• SUSE Manager Proxy 4.2
• SUSE Manager Proxy 4.3
• SUSE Manager Retail Branch Server 4.0
• SUSE Manager Retail Branch Server 4.1
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Retail Branch Server 4.3
• SUSE Manager Server 4.0
• SUSE Manager Server 4.1
• SUSE Manager Server 4.2
• SUSE Manager Server 4.3
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 9

---

Solutions

Before installation of the software, please visit the vendor web-site for more details.

 

Apply fixes issued by the vendor:

• https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222827-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222809-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222808-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222803-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222789-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222780-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222779-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222776-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222770-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222766-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222781-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222745-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222762-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222750-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222741-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222738-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222759-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222732-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222726-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222728-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222727-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222723-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222722-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222720-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222719-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222710-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222709-1

---

Vulnerability Identifier

• CVE-2020-15393
• CVE-2020-36557
• CVE-2020-36558
• CVE-2021-4157
• CVE-2021-26341
• CVE-2021-33655
• CVE-2021-33656
• CVE-2021-39713
• CVE-2022-1116
• CVE-2022-1419
• CVE-2022-1462
• CVE-2022-1679
• CVE-2022-2318
• CVE-2022-2585
• CVE-2022-20132
• CVE-2022-20141
• CVE-2022-20154
• CVE-2022-20166
• CVE-2022-21505
• CVE-2022-26365
• CVE-2022-26373
• CVE-2022-26490
• CVE-2022-28389
• CVE-2022-28390
• CVE-2022-29581
• CVE-2022-29900
• CVE-2022-29901
• CVE-2022-32250
• CVE-2022-33740
• CVE-2022-33741
• CVE-2022-33742
• CVE-2022-33981
• CVE-2022-34918
• CVE-2022-36946

---

Source

• AusCERT
• SUSE

---

Related Link

• https://www.auscert.org.au/bulletins/ESB-2022.4087
• https://www.auscert.org.au/bulletins/ESB-2022.4040
• https://www.auscert.org.au/bulletins/ESB-2022.4029
• https://www.auscert.org.au/bulletins/ESB-2022.4028
• https://www.auscert.org.au/bulletins/ESB-2022.4027
• https://www.auscert.org.au/bulletins/ESB-2022.4026
• https://www.auscert.org.au/bulletins/ESB-2022.4025
• https://www.auscert.org.au/bulletins/ESB-2022.4030
• https://www.auscert.org.au/bulletins/ESB-2022.4023
• https://www.auscert.org.au/bulletins/ESB-2022.4021
• https://www.auscert.org.au/bulletins/ESB-2022.4018
• https://www.auscert.org.au/bulletins/ESB-2022.4015
• https://www.auscert.org.au/bulletins/ESB-2022.4014
• https://www.auscert.org.au/bulletins/ESB-2022.4013
• https://www.auscert.org.au/bulletins/ESB-2022.4012
• https://www.auscert.org.au/bulletins/ESB-2022.4011
• https://www.auscert.org.au/bulletins/ESB-2022.4010
• https://www.auscert.org.au/bulletins/ESB-2022.4009
• https://www.auscert.org.au/bulletins/ESB-2022.4008
• https://www.auscert.org.au/bulletins/ESB-2022.4007
• https://www.auscert.org.au/bulletins/ESB-2022.4006
• https://www.auscert.org.au/bulletins/ESB-2022.4005
• https://www.auscert.org.au/bulletins/ESB-2022.4004
• https://www.auscert.org.au/bulletins/ESB-2022.4000
• https://www.auscert.org.au/bulletins/ESB-2022.3999
• https://www.suse.com/support/update/announcement/2022/suse-su-20222840-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222827-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222809-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222808-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222803-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222789-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222780-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222779-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222776-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222770-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222766-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222781-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222745-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222762-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222750-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222741-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222738-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222759-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222732-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222726-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222728-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222727-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222723-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222722-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222721-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222720-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222719-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222710-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222709-1