RSA-2020-04: RSA Identity Governance and Lifecycle Security Update for SUSE Linux Enterprise Server Vulnerabilities

Document created by RSA Product Team Employee on Dec 1, 2020Last modified by RSA Product Team Employee on Dec 1, 2020
Version 2Show Document
  • View in full screen mode
RSA Identifier:

RSA-2020-04

CVE Identifier:See Advisory
Severity:Critical
Severity Rating:See NVD (http://nvd.nist.gov/home.cfm) for individual scores for each CVE
Affected Products:

All versions

• RSA Identity Governance and Lifecycle (Hardware Appliance and Virtual Application deployments only)
• RSA Via Lifecycle and Governance Lifecycle (Hardware Appliance deployments only)
• RSA IMG Lifecycle (Hardware Appliance deployments only)

 

Note: - The latest patches affect the hardware Appliance and Virtual Application deployments with an RSA supplied SUSE Linux Enterprise Server 12 SP4 operating system. For those customers currently using SUSE Linux Enterprise Server 12 SP3, the updater will update you to SUSE Linux Enterprise Server 12 SP4 with all the latest patches.


Unaffected Products:
• RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG: Software-only systems or any deployment where RSA did not supply the operating system.

Summary:The embedded operating system components in RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG require a security update to address various vulnerabilities.
Details:

RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, and RSA IMG have been updated to address the following security vulnerabilities.  

 

SUSE Linux Enterprise Server 12 SP4 OS Updates

 

CVE-2009-5155

CVE-2016-10254

CVE-2016-10255

CVE-2016-3189

CVE-2017-2518

CVE-2017-2579

CVE-2017-2580

CVE-2017-7607

CVE-2017-7608

CVE-2017-7610

CVE-2017-7611

CVE-2017-7612

CVE-2017-7613

CVE-2017-7960

CVE-2017-7961

CVE-2017-8834

CVE-2017-8871

CVE-2018-1000877

CVE-2018-1000878

CVE-2018-16062

CVE-2018-16403

CVE-2018-16428

CVE-2018-16429

CVE-2018-18310

CVE-2018-18520

CVE-2018-18521

CVE-2018-20836

CVE-2018-20852

CVE-2018-7191

CVE-2018-8975

CVE-2019-1000019

CVE-2019-1000020

CVE-2019-10126

CVE-2019-10160

CVE-2019-10638

CVE-2019-10639

CVE-2019-11459

CVE-2019-11477

CVE-2019-11478

CVE-2019-11479

CVE-2019-11486

CVE-2019-11487

CVE-2019-11599

CVE-2019-11707

CVE-2019-11708

CVE-2019-11709

CVE-2019-11711

CVE-2019-11712

CVE-2019-11713

CVE-2019-11715

CVE-2019-11717

CVE-2019-11719

CVE-2019-11729

CVE-2019-11730

CVE-2019-11815

CVE-2019-11833

CVE-2019-11884

CVE-2019-12380

CVE-2019-12382

CVE-2019-12450

CVE-2019-12456

CVE-2019-12614

CVE-2019-12735

CVE-2019-12818

CVE-2019-12819

CVE-2019-12900

CVE-2019-13012

CVE-2019-1551

CVE-2019-2201

CVE-2019-2745

CVE-2019-2762

CVE-2019-2766

CVE-2019-2769

CVE-2019-2786

CVE-2019-2816

CVE-2019-2842

CVE-2019-2894

CVE-2019-2933

CVE-2019-2945

CVE-2019-2949

CVE-2019-2958

CVE-2019-2962

CVE-2019-2964

CVE-2019-2973

CVE-2019-2975

CVE-2019-2978

CVE-2019-2981

CVE-2019-2983

CVE-2019-2987

CVE-2019-2988

CVE-2019-2989

CVE-2019-2992

CVE-2019-2999

CVE-2019-3688

CVE-2019-3690

CVE-2019-3701

CVE-2019-3846

CVE-2019-5068

CVE-2019-5188

CVE-2019-5489

CVE-2019-6128

CVE-2019-6133

CVE-2019-7150

CVE-2019-7663

CVE-2019-7665

CVE-2019-8457

CVE-2019-8625

CVE-2019-8675

CVE-2019-8696

CVE-2019-8710

CVE-2019-8720

CVE-2019-8743

CVE-2019-8764

CVE-2019-8766

CVE-2019-8769

CVE-2019-8771

CVE-2019-8782

CVE-2019-8783

CVE-2019-8808

CVE-2019-8811

CVE-2019-8812

CVE-2019-8813

CVE-2019-8814

CVE-2019-8815

CVE-2019-8816

CVE-2019-8819

CVE-2019-8820

CVE-2019-8823

CVE-2019-8835

CVE-2019-8844

CVE-2019-8846

CVE-2019-9169

CVE-2019-9232

CVE-2019-9278

CVE-2019-9433

CVE-2019-9458

CVE-2019-9674

CVE-2019-9811

CVE-2019-9836

CVE-2019-9893

CVE-2019-9928

CVE-2019-9948

CVE-2020-10018

CVE-2020-10029

CVE-2020-10531

CVE-2020-10942

CVE-2020-11494

CVE-2020-11669

CVE-2020-11793

CVE-2020-12243

CVE-2020-12268

CVE-2020-12387

CVE-2020-12388

CVE-2020-12389

CVE-2020-12392

CVE-2020-12393

CVE-2020-12395

CVE-2020-9383

 

 


Note - For more information about any of the Common Vulnerabilities and Exposures (CVEs) mentioned here consult the National Vulnerability Database (NVD) at http://nvd.nist.gov/home.cfm.  To search for a CVE, use the database's search utility at http://web.nvd.nist.gov/view/vuln/search.

Recommendation:

The Appliance Updater tool's October 2020 releases will resolve these issues and ensures that the embedded OS components are kept current with security updates and patches.

 

RSA recommends all appliance customers who are on SUSE Linux Enterprise Server 12 SP3/SP4 to run the appliance updater as the latest patches will be applied to the current installation.

 

This Appliance Updater supports the RSA Identity Governance and Lifecycle, RSA Via Lifecycle and Governance, or RSA IMG products which use an RSA supplied SUSE Linux Enterprise Server 12 SP3/SP4 operating system.

 

Customers can obtain the documentation and software by downloading them from the Downloads area on RSA Identity Governance and Lifecycle space of RSA Link.

• RSA Identity Governance and Lifecycle: RSA Identity Governance and Lifecycle Appliance Updater
• RSA Via L&G: RSA Via Lifecycle and Governance Appliance Updater
• RSA IMG: RSA Identity Management and Governance Appliance Updater

Severity Rating:For an explanation of Severity Ratings, refer to the RSA Vulnerability Disclosure Policy. RSA recommends all customers take into account both the base score and any relevant temporal and environmental scores which may impact the potential severity associated with a particular security vulnerability.
EOPS Policy:RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.
Legal Information:

Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this advisory, contact RSA Customer Support. RSA Security LLC and its affiliates distribute RSA Security Advisories in order to bring to the attention of users of the affected RSA products, important security information.

 

RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided "as is" without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title, and non-infringement.

 

In no event shall RSA, its affiliates, or its suppliers, be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA, its affiliates or its suppliers have been advised of the possibility of such damages. Some jurisdictions do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.

Attachments

    Outcomes