SUSE statement on Amnesia:33 vulnerabilities | SUSE Communities

SUSE statement on Amnesia:33 vulnerabilities

Share
Share

Researchers from Forescout research labs have published a set of new software vulnerabilities that affect embedded TCP/IP stacks.

The set of vulnerabilities, called AMNESIA:33, only affects small parts of the SUSE Linux Enterprise set of packages.

  • The Linux Kernel TCP/IP implementation is not affected by these vulnerabilities, as it uses its own IP stack.
  • The open-iscsi services embed a variant of the affected uIP IP stack, which is affected by some of the CVEs.

References:

AMNESIA:33, while potentially serious to unpatched systems, poses little danger to those who keep their SUSE product patched and up to date. We are releasing fixes and updates for open-iscsi to all affected versions, eliminating the potential for disruption.

If you have any questions or concerns, please reach out to your SUSE contact. Security and reliability continue to be top priorities for SUSE because they are top priorities for our customers and partners. And as always, customers and partners come first.

Share

Leave a Reply

Your email address will not be published. Required fields are marked *

No comments yet

Avatar photo
8,861 views