Security update for nrpe SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0586-1 Final 1 1 2023-03-01T12:43:28Z current 2023-03-01T12:43:28Z 2023-03-01T12:43:28Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nrpe This update for nrpe fixes the following issues: - CVE-2015-4000: Fixed Logjam Attack by increasing the standard size of 512 bit dh parameters to 2048 (bsc#931600, bsc#938906). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-586,SUSE-OpenStack-Cloud-9-2023-586,SUSE-OpenStack-Cloud-Crowbar-9-2023-586,SUSE-SLE-SAP-12-SP4-2023-586,SUSE-SLE-SERVER-12-SP2-BCL-2023-586,SUSE-SLE-SERVER-12-SP4-ESPOS-2023-586,SUSE-SLE-SERVER-12-SP4-LTSS-2023-586,SUSE-SLE-SERVER-12-SP5-2023-586 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230586-1/ Link for SUSE-SU-2023:0586-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013955.html E-Mail link for SUSE-SU-2023:0586-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/931600 SUSE Bug 931600 https://bugzilla.suse.com/938906 SUSE Bug 938906 https://www.suse.com/security/cve/CVE-2015-4000/ SUSE CVE CVE-2015-4000 page SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP4-ESPOS SUSE Linux Enterprise Server 12 SP4-LTSS SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9 monitoring-plugins-nrpe-2.15-6.3.1 nrpe-2.15-6.3.1 nrpe-doc-2.15-6.3.1 monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-ESPOS monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP4-LTSS monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server 12 SP5 monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP4 monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 nrpe-2.15-6.3.1 as a component of SUSE Linux Enterprise Server for SAP Applications 12 SP5 monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE OpenStack Cloud 9 nrpe-2.15-6.3.1 as a component of SUSE OpenStack Cloud 9 monitoring-plugins-nrpe-2.15-6.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 nrpe-2.15-6.3.1 as a component of SUSE OpenStack Cloud Crowbar 9 The TLS protocol 1.2 and earlier, when a DHE_EXPORT ciphersuite is enabled on a server but not on a client, does not properly convey a DHE_EXPORT choice, which allows man-in-the-middle attackers to conduct cipher-downgrade attacks by rewriting a ClientHello with DHE replaced by DHE_EXPORT and then rewriting a ServerHello with DHE_EXPORT replaced by DHE, aka the "Logjam" issue. CVE-2015-4000 SUSE Linux Enterprise Server 12 SP2-BCL:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP2-BCL:nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP4-ESPOS:nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP4-LTSS:nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP5:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server 12 SP5:nrpe-2.15-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4:nrpe-2.15-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:monitoring-plugins-nrpe-2.15-6.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5:nrpe-2.15-6.3.1 SUSE OpenStack Cloud 9:monitoring-plugins-nrpe-2.15-6.3.1 SUSE OpenStack Cloud 9:nrpe-2.15-6.3.1 SUSE OpenStack Cloud Crowbar 9:monitoring-plugins-nrpe-2.15-6.3.1 SUSE OpenStack Cloud Crowbar 9:nrpe-2.15-6.3.1 important 7.3 AV:N/AC:H/Au:N/C:C/I:C/A:P 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230586-1/ https://www.suse.com/security/cve/CVE-2015-4000.html CVE-2015-4000 https://bugzilla.suse.com/1074631 SUSE Bug 1074631 https://bugzilla.suse.com/1211968 SUSE Bug 1211968 https://bugzilla.suse.com/931600 SUSE Bug 931600 https://bugzilla.suse.com/931698 SUSE Bug 931698 https://bugzilla.suse.com/931723 SUSE Bug 931723 https://bugzilla.suse.com/931845 SUSE Bug 931845 https://bugzilla.suse.com/932026 SUSE Bug 932026 https://bugzilla.suse.com/932483 SUSE Bug 932483 https://bugzilla.suse.com/934789 SUSE Bug 934789 https://bugzilla.suse.com/935033 SUSE Bug 935033 https://bugzilla.suse.com/935540 SUSE Bug 935540 https://bugzilla.suse.com/935979 SUSE Bug 935979 https://bugzilla.suse.com/937202 SUSE Bug 937202 https://bugzilla.suse.com/937766 SUSE Bug 937766 https://bugzilla.suse.com/938248 SUSE Bug 938248 https://bugzilla.suse.com/938432 SUSE Bug 938432 https://bugzilla.suse.com/938895 SUSE Bug 938895 https://bugzilla.suse.com/938905 SUSE Bug 938905 https://bugzilla.suse.com/938906 SUSE Bug 938906 https://bugzilla.suse.com/938913 SUSE Bug 938913 https://bugzilla.suse.com/938945 SUSE Bug 938945 https://bugzilla.suse.com/943664 SUSE Bug 943664 https://bugzilla.suse.com/944729 SUSE Bug 944729 https://bugzilla.suse.com/945582 SUSE Bug 945582 https://bugzilla.suse.com/955589 SUSE Bug 955589 https://bugzilla.suse.com/980406 SUSE Bug 980406 https://bugzilla.suse.com/990592 SUSE Bug 990592 https://bugzilla.suse.com/994144 SUSE Bug 994144