OPENSUSE-SU-2023:0004-1
Vulnerability from csaf_opensuse - Published: 2023-01-03 11:01 - Updated: 2023-01-03 11:01Summary
Security update for multimon-ng
Notes
Title of the patch
Security update for multimon-ng
Description of the patch
This update for multimon-ng fixes the following issues:
- Update to new upstream release 1.2.0
* Separated FLEX and FLEX_NEXT. The former is identical to 1.1.9,
while FLEX_NEXT gained new features, as well as known
regressions. (See #168)
* Fix CVE-2020-36619 (boo#1206542)
* Several smaller POCSAG fixes.
* Fix for opening large wav files with improper header.
- Update to new upstream release 1.1.9
* multimon-ng now has a man page, let's try to keep it updated.
* FLEX: Changes to group messages and delimiters.
* FMS: Fixed a problem with the direction of telegrams.
* POCSAG: Support for the Slovenian charset.
Patchnames
openSUSE-2023-4
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for multimon-ng",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for multimon-ng fixes the following issues:\n\n- Update to new upstream release 1.2.0\n * Separated FLEX and FLEX_NEXT. The former is identical to 1.1.9,\n while FLEX_NEXT gained new features, as well as known\n regressions. (See #168)\n * Fix CVE-2020-36619 (boo#1206542)\n * Several smaller POCSAG fixes.\n * Fix for opening large wav files with improper header.\n\n- Update to new upstream release 1.1.9\n * multimon-ng now has a man page, let\u0027s try to keep it updated.\n * FLEX: Changes to group messages and delimiters.\n * FMS: Fixed a problem with the direction of telegrams.\n * POCSAG: Support for the Slovenian charset.\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2023-4",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0004-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2023:0004-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L32DS6DZG7UVWWLTPMQBMKONSINMACOF/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2023:0004-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L32DS6DZG7UVWWLTPMQBMKONSINMACOF/"
},
{
"category": "self",
"summary": "SUSE Bug 1206542",
"url": "https://bugzilla.suse.com/1206542"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-36619 page",
"url": "https://www.suse.com/security/cve/CVE-2020-36619/"
}
],
"title": "Security update for multimon-ng",
"tracking": {
"current_release_date": "2023-01-03T11:01:23Z",
"generator": {
"date": "2023-01-03T11:01:23Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2023:0004-1",
"initial_release_date": "2023-01-03T11:01:23Z",
"revision_history": [
{
"date": "2023-01-03T11:01:23Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"product": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"product_id": "multimon-ng-1.2.0-bp153.2.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "multimon-ng-1.2.0-bp153.2.3.1.i586",
"product": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.i586",
"product_id": "multimon-ng-1.2.0-bp153.2.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"product": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"product_id": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "multimon-ng-1.2.0-bp153.2.3.1.s390x",
"product": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.s390x",
"product_id": "multimon-ng-1.2.0-bp153.2.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"product": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"product_id": "multimon-ng-1.2.0-bp153.2.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Package Hub 15 SP3",
"product": {
"name": "SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3"
}
},
{
"category": "product_name",
"name": "openSUSE Leap 15.3",
"product": {
"name": "openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.3"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.aarch64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.aarch64"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.i586 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.i586"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.i586",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.s390x as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.s390x"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.x86_64 as component of SUSE Package Hub 15 SP3",
"product_id": "SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.x86_64"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "SUSE Package Hub 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.aarch64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.aarch64"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.i586 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.i586"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.s390x as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.s390x"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.s390x",
"relates_to_product_reference": "openSUSE Leap 15.3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "multimon-ng-1.2.0-bp153.2.3.1.x86_64 as component of openSUSE Leap 15.3",
"product_id": "openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.x86_64"
},
"product_reference": "multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.3"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-36619",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-36619"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in multimon-ng. It has been rated as critical. This issue affects the function add_ch of the file demod_flex.c. The manipulation of the argument ch leads to format string. Upgrading to version 1.2.0 is able to address this issue. The name of the patch is e5a51c508ef952e81a6da25b43034dd1ed023c07. It is recommended to upgrade the affected component. The identifier VDB-216269 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-36619",
"url": "https://www.suse.com/security/cve/CVE-2020-36619"
},
{
"category": "external",
"summary": "SUSE Bug 1206542 for CVE-2020-36619",
"url": "https://bugzilla.suse.com/1206542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"SUSE Package Hub 15 SP3:multimon-ng-1.2.0-bp153.2.3.1.x86_64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.aarch64",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.i586",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.ppc64le",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.s390x",
"openSUSE Leap 15.3:multimon-ng-1.2.0-bp153.2.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-01-03T11:01:23Z",
"details": "critical"
}
],
"title": "CVE-2020-36619"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…