Linux 核心多個漏洞

影響

• 阻斷服務
• 權限提升
• 資料洩露
• 遠端執行程式碼

受影響之系統或技術

• openSUSE Leap 15.3
• openSUSE Leap 15.4
• SUSE Enterprise Storage 7
• SUSE Linux Enterprise Desktop 12-SP5
• SUSE Linux Enterprise Desktop 15-SP3
• SUSE Linux Enterprise High Availability 12-SP4
• SUSE Linux Enterprise High Availability 12-SP5
• SUSE Linux Enterprise High Availability 15-SP2
• SUSE Linux Enterprise High Availability 15-SP3
• SUSE Linux Enterprise High Performance Computing
• SUSE Linux Enterprise High Performance Computing 12-SP4
• SUSE Linux Enterprise High Performance Computing 12-SP5
• SUSE Linux Enterprise High Performance Computing 15-SP2
• SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
• SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
• SUSE Linux Enterprise High Performance Computing 15-SP3
• SUSE Linux Enterprise Live Patching 12-SP4
• SUSE Linux Enterprise Live Patching 12-SP5
• SUSE Linux Enterprise Micro 5.1
• SUSE Linux Enterprise Micro 5.2
• SUSE Linux Enterprise Module for Basesystem 15-SP3
• SUSE Linux Enterprise Module for Development Tools 15-SP3
• SUSE Linux Enterprise Module for Legacy Software 15-SP3
• SUSE Linux Enterprise Module for Live Patching 15-SP2
• SUSE Linux Enterprise Module for Live Patching 15-SP3
• SUSE Linux Enterprise Module for Public Cloud 15-SP3
• SUSE Linux Enterprise Module for Realtime 15-SP3
• SUSE Linux Enterprise Real Time 15-SP3
• SUSE Linux Enterprise Server
• SUSE Linux Enterprise Server 12-SP2-BCL
• SUSE Linux Enterprise Server 12-SP4
• SUSE Linux Enterprise Server 12-SP4-LTSS
• SUSE Linux Enterprise Server 12-SP5
• SUSE Linux Enterprise Server 15-SP2
• SUSE Linux Enterprise Server 15-SP2-BCL
• SUSE Linux Enterprise Server 15-SP2-LTSS
• SUSE Linux Enterprise Server 15-SP3
• SUSE Linux Enterprise Server for SAP 12-SP4
• SUSE Linux Enterprise Server for SAP 15-SP2
• SUSE Linux Enterprise Server for SAP Applications
• SUSE Linux Enterprise Server for SAP Applications 12-SP5
• SUSE Linux Enterprise Server for SAP Applications 15-SP2
• SUSE Linux Enterprise Server for SAP Applications 15-SP3
• SUSE Linux Enterprise Software Development Kit 12-SP5
• SUSE Linux Enterprise Storage 7
• SUSE Linux Enterprise Storage 7.1
• SUSE Linux Enterprise Workstation Extension 12-SP5
• SUSE Linux Enterprise Workstation Extension 15-SP3
• SUSE Manager Proxy 4.1
• SUSE Manager Proxy 4.2
• SUSE Manager Retail Branch Server 4.1
• SUSE Manager Retail Branch Server 4.2
• SUSE Manager Server 4.1
• SUSE Manager Server 4.2
• SUSE OpenStack Cloud 9
• SUSE OpenStack Cloud Crowbar 9
• Ubuntu 14.04 ESM
• Ubuntu 16.04 ESM 
• Ubuntu 18.04 LTS 
• Ubuntu 20.04 LTS
• Ubuntu 22.04 LTS

解決方案

在安裝軟體之前，請先瀏覽供應商之網站，以獲得更多詳細資料。

對於 SUSE

• 安裝供應商提供的修補程式：
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222376-1
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222377-1
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222379-1
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222382-1
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222393-1/
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222422-1/
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222423-1/
  • https://www.suse.com/support/update/announcement/2022/suse-su-20222424-1/

對於 Ubuntu

• 安裝供應商提供的修補程式：
  • https://ubuntu.com/security/notices/USN-5517-1
  • https://ubuntu.com/security/notices/USN-5518-1
  • https://ubuntu.com/security/notices/USN-5513-1
  • https://ubuntu.com/security/notices/USN-5514-1
  • https://ubuntu.com/security/notices/USN-5515-1

漏洞識別碼

• CVE-2017-16525
• CVE-2019-19377
• CVE-2020-26541
• CVE-2021-3609
• CVE-2021-3752
• CVE-2021-3760
• CVE-2021-4157
• CVE-2021-4197
• CVE-2021-4202
• CVE-2021-26341
• CVE-2021-39685
• CVE-2021-39714
• CVE-2022-0330
• CVE-2022-0500
• CVE-2022-1011
• CVE-2022-1012
• CVE-2022-1184
• CVE-2022-1195
• CVE-2022-1198
• CVE-2022-1199
• CVE-2022-1204
• CVE-2022-1205
• CVE-2022-1353
• CVE-2022-1419
• CVE-2022-1516
• CVE-2022-1652
• CVE-2022-1679
• CVE-2022-1729
• CVE-2022-1734
• CVE-2022-1789
• CVE-2022-1974
• CVE-2022-1975
• CVE-2022-2318
• CVE-2022-2380
• CVE-2022-20132
• CVE-2022-20141
• CVE-2022-20154
• CVE-2022-21123
• CVE-2022-21125
• CVE-2022-21166
• CVE-2022-21499
• CVE-2022-24958
• CVE-2022-26365
• CVE-2022-28356
• CVE-2022-28388
• CVE-2022-28389
• CVE-2022-29900
• CVE-2022-29901
• CVE-2022-33740
• CVE-2022-33741
• CVE-2022-33742
• CVE-2022-33981
• CVE-2022-34494
• CVE-2022-34918

資料來源

• AusCERT
• SUSE
• Ubuntu

相關連結

• https://www.auscert.org.au/bulletins/ESB-2022.3458
• https://www.auscert.org.au/bulletins/ESB-2022.3457
• https://www.auscert.org.au/bulletins/ESB-2022.3452
• https://www.auscert.org.au/bulletins/ESB-2022.3448
• https://www.auscert.org.au/bulletins/ESB-2022.3435
• https://www.auscert.org.au/bulletins/ESB-2022.3434
• https://www.auscert.org.au/bulletins/ESB-2022.3433
• https://www.auscert.org.au/bulletins/ESB-2022.3418
• https://www.auscert.org.au/bulletins/ESB-2022.3417
• https://www.auscert.org.au/bulletins/ESB-2022.3504
• https://www.auscert.org.au/bulletins/ESB-2022.3506
• https://www.auscert.org.au/bulletins/ESB-2022.3507
• https://ubuntu.com/security/notices/USN-5517-1
• https://ubuntu.com/security/notices/USN-5518-1
• https://ubuntu.com/security/notices/USN-5513-1
• https://ubuntu.com/security/notices/USN-5514-1
• https://ubuntu.com/security/notices/USN-5515-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222379-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222382-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222376-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222377-1
• https://www.suse.com/support/update/announcement/2022/suse-su-20222393-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222422-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222423-1/
• https://www.suse.com/support/update/announcement/2022/suse-su-20222424-1/