DSA-2020-085: RSA Identity Governance and Lifecycle Security Update for SUSE Linux Enterprise Server Vulnerabilities

Document created by RSA Product Team Employee on Mar 31, 2020. Last modified by RSA Product Team Employee on Mar 31, 2020.
Version 2
Dell EMC Identifier: DSA-2020-085
CVE Identifier: See Advisory
Severity: Critical
Severity Rating: See NVD (http://nvd.nist.gov/home.cfm) for individual scores for each CVE
Affected Products:

• RSA Identity Governance and Lifecycle (Hardware Appliance and Virtual Application deployments only)
• RSA Via Lifecycle and Governance Lifecycle (Hardware Appliance deployments only)
• RSA IMG Lifecycle (Hardware Appliance deployments only)

 

Note: The latest patches affect the Hardware Appliance and Virtual Application deployments with an RSA-supplied SUSE Linux Enterprise Server 12 SP4 operating system. For customers currently using SUSE Linux Enterprise Server 12 SP3, the updater will update you to SUSE Linux Enterprise Server 12 SP4 with all the latest patches.


Unaffected Products:
• RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG:
Software-only systems or any deployment where RSA did not supply the operating system.

Summary: The embedded operating system components in RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG require a security update to address various vulnerabilities.
Details:

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG have been updated to address the following security vulnerabilities.

 

SUSE Linux Enterprise Server 12 SP4 OS Updates

 

CVE-2016-5102

CVE-2017-2518

CVE-2017-12652

CVE-2018-10754

CVE-2018-12207

CVE-2018-17000

CVE-2018-18508

CVE-2018-19870

CVE-2018-19872

CVE-2018-1000877

CVE-2018-1000878

CVE-2019-0154

CVE-2019-0155

CVE-2019-1551

CVE-2019-2201

CVE-2019-2894

CVE-2019-2933

CVE-2019-2945

CVE-2019-2949

CVE-2019-2958

CVE-2019-2962

CVE-2019-2964

CVE-2019-2973

CVE-2019-2975

CVE-2019-2978

CVE-2019-2981

CVE-2019-2983

CVE-2019-2987

CVE-2019-2988

CVE-2019-2989

CVE-2019-2992

CVE-2019-2999

CVE-2019-3688

CVE-2019-3690

CVE-2019-5068

CVE-2019-5188

CVE-2019-6128

CVE-2019-7663

CVE-2019-8675

CVE-2019-8696

CVE-2019-9893

CVE-2019-10220

CVE-2019-11135

CVE-2019-11139

CVE-2019-11745

CVE-2019-13722

CVE-2019-14250

CVE-2019-14866

CVE-2019-14869

CVE-2019-14889

CVE-2019-14895

CVE-2019-14907

CVE-2019-14973

CVE-2019-15847

CVE-2019-15916

CVE-2019-16231

CVE-2019-16233

CVE-2019-16995

CVE-2019-17005

CVE-2019-17008

CVE-2019-17009

CVE-2019-17010

CVE-2019-17011

CVE-2019-17012

CVE-2019-17015

CVE-2019-17016

CVE-2019-17017

CVE-2019-17021

CVE-2019-17022

CVE-2019-17024

CVE-2019-17026

CVE-2019-17055

CVE-2019-17498

CVE-2019-17544

CVE-2019-17594

CVE-2019-17595

CVE-2019-18408

CVE-2019-18634

CVE-2019-18660

CVE-2019-18683

CVE-2019-18805

CVE-2019-18809

CVE-2019-18900

CVE-2019-18902

CVE-2019-18903

CVE-2019-19049

CVE-2019-19052

CVE-2019-19056

CVE-2019-19057

CVE-2019-19058

CVE-2019-19060

CVE-2019-19062

CVE-2019-19063

CVE-2019-19065

CVE-2019-19067

CVE-2019-19068

CVE-2019-19073

CVE-2019-19074

CVE-2019-19075

CVE-2019-19077

CVE-2019-19227

CVE-2019-19725

CVE-2019-1000019

CVE-2019-1000020

CVE-2020-0569

CVE-2020-1712

CVE-2020-2583

CVE-2020-2590

CVE-2020-2593

CVE-2020-2601

CVE-2020-2604

CVE-2020-2654

CVE-2020-2659

CVE-2020-6796

CVE-2020-6797

CVE-2020-6798

CVE-2020-6799

CVE-2020-6800

CVE-2020-7216

CVE-2020-7217


Note: For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here, consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm. To search for a CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.

 

Recommendation:

The Appliance Updater tool's March 2020 releases will resolve these issues and ensure that the embedded OS components are kept current with security updates and patches.

 

RSA recommends that all appliance customers who are on SUSE Linux Enterprise Server 12 SP3/SP4 run the appliance updater, as the latest patches will be applied to the current installation.

 

This Appliance Updater supports the RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, or RSA IMG products which use an RSA-supplied SUSE Linux Enterprise Server 12 SP3/SP4 operating system.

 

Customers can obtain the documentation and software by downloading them from the Downloads area on the RSA Identity Governance and Lifecycle space of RSA Link.

 

• RSA Identity Governance and Lifecycle: RSA Identity Governance and Lifecycle Appliance Updater
• RSA Via L&G: RSA Via Lifecycle and Governance Appliance Updater
• RSA IMG: RSA Identity Management and Governance Appliance Updater

Severity Rating: For an explanation of Severity Ratings, refer to Dell’s Vulnerability Disclosure Policy. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
EOPS Policy: RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
Legal Information:

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support. RSA Security LLC and its affiliates, including without limitation, its ultimate parent company, Dell Technologies, distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information.

 

RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement.

 

In no event shall RSA, its affiliates or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
