SUSE SLES15 Security Update : conmon (SUSE-SU-2022:3896-1)

high Nessus Plugin ID 167223

Language:

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2022:3896-1 advisory.

conmon was updated to 2.1.3:

* Stop using g_unix_signal_add() to avoid threads
* Rename CLI optionlog-size-global-max to log-global-size-max

Update to version 2.1.2:

* add log-global-size-max option to limit the total output conmon processes (CVE-2022-1708 bsc#1200285)
* journald: print tag and name if both are specified
* drop some logs to debug level

Update to version 2.1.0

* logging: buffer partial messages to journald
* exit: close all fds >= 3
* fix: cgroup: Free memory_cgroup_file_path if open fails.
Call g_free instead of free.

Update to version 2.0.32

* Fix: Avoid mainfd_std{in,out} sharing the same file descriptor.
* exit_command: Fix: unset subreaper attribute before running exit command

Update to version 2.0.31

* logging: new mode -l passthrough
* ctr_logs: use container name or ID as SYSLOG_IDENTIFIER for journald
* conmon: Fix: free userdata files before exec cleanup

Update to version 2.0.30:

* Remove unreachable code path
* exit: report if the exit command was killed
* exit: fix race zombie reaper
* conn_sock: allow watchdog messages through the notify socket proxy
* seccomp: add support for seccomp notify

Update to version 2.0.29:

* Reset OOM score back to 0 for container runtime
* call functions registered with atexit on SIGTERM
* conn_sock: fix potential segfault

Update to version 2.0.27:

* Add CRI-O integration test GitHub action
* exec: don't fail on EBADFD
* close_fds: fix close of external fds
* Add arm64 static build binary

Update to version 2.0.26:

* conn_sock: do not fail on EAGAIN
* fix segfault from a double freed pointer
* Fix a bug where conmon could never spawn a container, because a disagreement between the caller and itself on where the attach socket was.
* improve --full-attach to ignore the socket-dir directly. that means callers don't need to specify a socket dir at all (and can remove it)
* add full-attach option to allow callers to not truncate a very long path for the attach socket
* close only opened FDs
* set locale to inherit environment

Update to version 2.0.22:

* added man page
* attach: always chdir
* conn_sock: Explicitly free a heap-allocated string
* refactor I/O and add SD_NOTIFY proxy support

Update to version 2.0.21:

* protect against kill(-1)
* Makefile: enable debuginfo generation
* Remove go.sum file and add go.mod
* Fail if conmon config could not be written
* nix: remove double definition for e2fsprogs
* Speedup static build by utilizing CI cache on `/nix` folder
* Fix nix build for failing e2fsprogs tests
* test: fix CI
* Use Podman for building

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected conmon package.

See Also

https://bugzilla.suse.com/1200285

https://www.suse.com/security/cve/CVE-2022-1708

http://www.nessus.org/u?47560ffd

Plugin Details

Severity: High

ID: 167223

File Name: suse_SU-2022-3896-1.nasl

Version: 1.6

Type: Local

Agent: unix

Published: 11/9/2022

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2022-1708

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:conmon, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2022

Vulnerability Publication Date: 6/6/2022

Reference Information

CVE: CVE-2022-1708

SuSE: SUSE-SU-2022:3896-1