CVE-2017-15638
First published: Fri Nov 10 2017(Updated: )
The SuSEfirewall2 package before 3.6.312-2.13.1 in SUSE Linux Enterprise (SLE) Desktop 12 SP2, Server 12 SP2, and Server for Raspberry Pi 12 SP2; before 3.6.312.333-3.10.1 in SLE Desktop 12 SP3 and Server 12 SP3; before 3.6_SVNr208-2.18.3.1 in SLE Server 11 SP4; before 3.6.312-5.9.1 in openSUSE Leap 42.2; and before 3.6.312.333-7.1 in openSUSE Leap 42.3 might allow remote attackers to bypass intended access restrictions on the portmap service by leveraging a missing source net restriction for _rpc_ services.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Suse Susefirewall2 | ||
| openSUSE Leap | =42.2 | |
| openSUSE Leap | =42.3 | |
| SUSE Linux Enterprise Desktop | =12-sp2 | |
| SUSE Linux Enterprise Desktop | =12-sp3 | |
| SUSE Linux Enterprise Server | =11-sp4 | |
| SUSE Linux Enterprise Server | =12-sp2 | |
| SUSE Linux Enterprise Server | =12-sp3 | |
| Suse Linux Enterprise Server For Raspberry Pi | =12-sp2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this security issue?
The vulnerability ID for this security issue is CVE-2017-15638.
What is the severity level of CVE-2017-15638?
CVE-2017-15638 has a severity level of medium (6.5).
Which software packages are affected by CVE-2017-15638?
The SuSEfirewall2 package in SUSE Linux Enterprise Desktop 12 SP2, Server 12 SP2, Server for Raspberry Pi 12 SP2, OpenSUSE Leap 42.2, OpenSUSE Leap 42.3, SUSE Linux Enterprise Desktop 12 SP3, SUSE Linux Enterprise Server 11 SP4, SUSE Linux Enterprise Server 12 SP2, and SUSE Linux Enterprise Server 12 SP3 are affected by CVE-2017-15638.
What is the fix for CVE-2017-15638?
To fix CVE-2017-15638, it is recommended to update the SuSEfirewall2 package to version 3.6.312-2.13.1 or later.
Where can I find more information about CVE-2017-15638?
More information about CVE-2017-15638 can be found at the following link: [http://lists.opensuse.org/opensuse-updates/2017-11/msg00014.html](http://lists.opensuse.org/opensuse-updates/2017-11/msg00014.html)
- agent/references
- agent/author
- agent/severity
- agent/type
- agent/tags
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/suse
- canonical/suse susefirewall2
- vendor/opensuse
- canonical/opensuse leap
- version/opensuse leap/42.2
- version/opensuse leap/42.3
- canonical/suse linux enterprise desktop
- version/suse linux enterprise desktop/12-sp2
- version/suse linux enterprise desktop/12-sp3
- canonical/suse linux enterprise server
- version/suse linux enterprise server/11-sp4
- version/suse linux enterprise server/12-sp2
- version/suse linux enterprise server/12-sp3
- canonical/suse linux enterprise server for raspberry pi
- version/suse linux enterprise server for raspberry pi/12-sp2