SUSE Package Hub - openSUSE-2022-10187

Update Info

openSUSE-2022-10187

Security update for EternalTerminal

Type: security

Severity: important

Issued: 2022-11-02

Description:

This update for EternalTerminal fixes the following issues:

Update to 6.2.1:

* CVE-2022-24949: Fixed race condition allows local attacker to hijack IPC socket (boo#1202435)
* CVE-2022-24950: Fixed privilege escalation to root (boo#1202434)
* CVE-2022-24951: Fixed DoS triggered remotely by invalid sequence numbers (boo#1202433)
* CVE-2022-24952: Fixed race condition allows authenticated attacker to hijack other users' SSH authorization socket (boo#1202432)

References

CVE: CVE-2022-24952
CVE: CVE-2022-24951
CVE: CVE-2022-24950
CVE: CVE-2022-24949
Bugzilla: 1202435 VUL-0: CVE-2022-24949: EternalTerminal: privilege escalation to root
Bugzilla: 1202434 VUL-0: CVE-2022-24950: EternalTerminal: race condition allows authenticated attacker to hijack other users' SSH authorization socket
Bugzilla: 1202433 VUL-0: CVE-2022-24951: EternalTerminal: race condition allows local attacker to hijack IPC socket
Bugzilla: 1202432 VUL-0: CVE-2022-24952: EternalTerminal: DoS triggered remotely by invalid sequence numbers

Packages

EternalTerminal-6.2.1-bp153.2.3.1