SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)

high Nessus Plugin ID 173289

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory.

This update of container-suseconnect fixes the following issue:

- container-suseconnect was rebuilt against the current go1.19 release, fixing security issues and other bugs fixed in go1.19.7.

- CVE-2022-41723: Fixed quadratic complexity in HPACK decoding (bsc#1208270).
- CVE-2022-41724: Fixed panic with arge handshake records in crypto/tls (bsc#1208271).
- CVE-2022-41725: Fixed denial of service from excessive resource consumption in net/http and mime/multipart (bsc#1208272).
- CVE-2023-24532: Fixed incorrect P-256 ScalarMult and ScalarBaseMult results (bsc#1209030).

- CVE-2022-41720: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows (bsc#1206134).

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected container-suseconnect package.

See Also

https://bugzilla.suse.com/1200441

https://bugzilla.suse.com/1206134

https://bugzilla.suse.com/1208270

https://bugzilla.suse.com/1208271

https://bugzilla.suse.com/1208272

https://bugzilla.suse.com/1209030

https://www.suse.com/security/cve/CVE-2022-41720

https://www.suse.com/security/cve/CVE-2022-41723

https://www.suse.com/security/cve/CVE-2022-41724

https://www.suse.com/security/cve/CVE-2022-41725

https://www.suse.com/security/cve/CVE-2023-24532

http://www.nessus.org/u?ea66458c

Plugin Details

Severity: High

ID: 173289

File Name: suse_SU-2023-0871-1.nasl

Version: 1.4

Type: Local

Agent: unix

Published: 3/23/2023

Updated: 6/26/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3

Percentile: 23.18

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

CVSS Score Source: CVE-2022-41720

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15, p-cpe:/a:novell:suse_linux:container-suseconnect

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/22/2023

Vulnerability Publication Date: 12/6/2022

Reference Information

CVE: CVE-2022-41720, CVE-2022-41723, CVE-2022-41724, CVE-2022-41725, CVE-2023-24532

SuSE: SUSE-SU-2023:0871-1