Marcus Meissner
By: Marcus Meissner

March 2, 2021 6:03 pm

506 views

SUSE addresses another grub2 UEFI secure boot security exposure

Various security researchers and the grub2 team have published more security issues in grub2 today, which can be used to bypass the UEFI secure boot chain. These security issues have the same scope as the BootHole issues from 2020. This attack requires root access to the bootloader used in Linux operating systems, GRUB2. It bypasses […]

Read More


Marcus Meissner
By: Marcus Meissner

December 14, 2020 7:32 am

5,734 views

SUSE statement on Amnesia:33 vulnerabilities

Researchers from Forescout research labs have published a set of new software vulnerabilities that affect embedded TCP/IP stacks. The set of vulnerabilities, called AMNESIA:33, only affects small parts of the SUSE Linux Enterprise set of packages. The Linux Kernel TCP/IP implementation is not affected by these vulnerabilities, as it uses its own IP stack. The […]

Read More


Marcus Meissner
By: Marcus Meissner

November 16, 2020 11:48 am

915 views

SUSE Releases Fix for SADDNS Vulnerability

Security researchers from University of California and Tsinghua University have identified a new variant of DNS cache poisoning attacks called SADDNS ("Side-channel AttackeD DNS") due to newly identified side channel attack against ICMP replies. This reappearance of the DNS cache poisoning attack allows remote attackers to pretend to be different hosts, if your […]

Read More


Marcus Meissner
By: Marcus Meissner

November 10, 2020 6:31 pm

1,278 views

SUSE releases fixes for new PLATYPUS attack

Today security researchers from TU Graz have published a new side-channel information leak attack using power metering in modern Intel CPUs. With this side-channel attack on power consumption fluctuations it is possible to extract secret information on the same CPU, like for instance key material from SGX enclaves or the Linux kernel, or KASLR information […]

Read More


Marcus Meissner
By: Marcus Meissner

October 15, 2020 3:16 pm

2,360 views

SUSE Releases Fixes for BleedingTooth Vulnerabilities

Yesterday evening, Google and Intel published a new set of software vulnerabilities that affect machines running Linux Kernels that use Bluetooth. The set of vulnerabilities, called BleedingTooth, impact SUSE Linux Enterprise systems with enabled Bluetooth hardware. There are 3 separate issues bundled into this set: CVE-2020-24490 (BadVibes): A heap overflow when processing extended advertising report […]

Read More


Marcus Meissner
By: Marcus Meissner

September 17, 2020 1:37 pm

2,600 views

SUSE Addresses “ZeroLogon” Vulnerability

On September 11, Secura research published a new software vulnerability called “ZeroLogon”, which exploits a protocol weakness in the SMB Netlogon protocol. This vulnerability may affect users of SUSE Linux Enterprise Server running Samba servers in older or non-standard configurations. Attackers could use it to bypass access control to the domain controller. A workaround […]

Read More


Marcus Meissner
By: Marcus Meissner

July 27, 2020 8:39 am

13,841 views

SUSE addresses BootHole security exposure

Security researchers from Eclypsium have published an attack called BootHole today. This attack requires root access to the bootloader used in Linux operating systems, GRUB2. It bypasses normal Secure Boot protections to persistently install malicious code which cannot be detected by the operating system. Given the need for root access to the bootloader, the described […]

Read More


Marcus Meissner
By: Marcus Meissner

June 9, 2020 4:39 pm

2,640 views

SUSE addresses Special Register Buffer Data Sampling (SRBDS) aka CrossTalk attack

Today Intel and security researchers published a number of security issues covering various Intel hardware and software components in their IPU 2020.1 release. One of those issues is a side-channel information leak attack against special registers, like the Intel CPU random register. Memory can not be read out, only previously generated random values could […]

Read More


Marcus Meissner
By: Marcus Meissner

May 7, 2020 3:18 pm

1,784 views

Critical security issue in Salt Stack

Security reseachers have identified a critical security vulnerability in the salt stack management framework. If your salt "master" was reachable over the network by attackers, attackers could inject code into your salt managed hosts. At this time there are already reports of exploits in the wild. SUSE has released security updates for its salt […]

Read More


Marcus Meissner
By: Marcus Meissner

November 11, 2019 10:14 am

2,401 views

SUSE addresses Transactional Asynchronous Abort and Machine Check Error on Page Size Changes issues

Today Intel and security researchers published a number of security issues covering various Intel hardware and software components. Intel has published an overview of those issues in a blog article. SUSE is providing updates to mitigate two new Intel CPU issues out of the above list. Machine Check Error on Page Size Changes / CVE-2018-12207 […]

Read More