Security: Execution of arbitrary commands in SUSE Manager Server 4.1
Name: Execution of arbitrary commands in SUSE Manager Server 4.1
ID: SUSE-SU-2020:2373-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for SUSE Manager Server 4.1
Date: Sat, 29 August 2020, 00:06
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Applications: SUSE Manager Server 4.1

Original message


SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2373-1
Rating: moderate
References: #1136857 #1165572 #1169553 #1169780 #1170244
#1170468 #1170654 #1171281 #1172279 #1172504
#1172709 #1172807 #1172831 #1172839 #1173169
#1173522 #1173535 #1173554 #1173566 #1173584
#1173932 #1173982 #1173997 #1174025 #1174167
#1174229 #1174325 #1174405 #1174470 #1174965
#1175485 #1175555 #1175558 #1175724 #1175791
#678126
Cross-References: CVE-2020-11022
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

An update that solves one vulnerability and has 35 fixes is
now available.

Description:

This update fixes the following issues:

cobbler:

- More old modules naming fixes (bsc#1169553)

image-sync-formula:

- Allow image-sync state on regular minion. Image sync state requires
branch-network pillars to get the directory where to sync images. Use
default `/srv/saltboot` if that pillar is missing so image-sync can be
applied on non branch minions as well.

mgr-libmod:

- Remove unnecessary array wrap in 'list_modules' response object

mgr-osad:

- Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher
(bsc#1174405)

openvpn-formula:

- Add hint that ssl certs must be on system (bsc#1172279)

patterns-suse-manager:

- Add Recommends for golang-github-QubitProducts-exporter_exporter

prometheus-exporters-formula:

- Bugfix: Handle exporters proxy for unsupported distros (bsc#1175555)
- Add support for exporters proxy (exporter_exporter)

pxe-default-image-sle15:

- Rollback the workaround for bsc#1172807, as dracut is now fixed

saltboot-formula:

- Better fix for rounding errors (bsc#1136857)

spacecmd:

- Fix softwarechannel update for vendor channels (bsc#1172709)
- Fix escaping of package names (bsc#1171281)

spacewalk-backend:

- Adds basic functionality for gpg check
- Verify GPG signature of Ubuntu/Debian repository metadata (Release file)
- Take care of SCC auth tokens on DEB repos GPG checks (bsc#1175485)
- Use spacewalk keyring for GPG checks on DEB repos (bsc#1175485)

spacewalk-branding:

- Implement Maintenance Windows
- Fix typo on spacewalk-branding license

spacewalk-certs-tools:

- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)
- Fix centos detection (bsc#1173584)

spacewalk-java:

- Use media.1/products from media when not specified different
(bsc#1175558)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix error when rolling back a system to a snapshot (bsc#1173997)
- Implement maintenance windows backend
- Add check for maintenance window during executing recurring actions
- Implement maintenance windows in struts
- XMLRPC: Assign/retract maintenance schedule to/from systems
- Fix softwarechannel update for vendor channels (bsc#1172709)
- Avoid deadlock when syncing channels and registering minions at the same
time (bsc#1173566)
- Change system list header text to something better (bsc#1173982)
- Set CPU and memory info for virtual instances (bsc#1170244)
- Add virtual network Start, Stop and Delete actions
- Add virtual network list page
- Fix httpcomponents and gson jar symlinks (bsc#1174229)
- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)
- Provide comps.xml and modules.yaml when using onlinerepo for kickstart
- Refresh virtualization pages only on events
- Fix up2date detection on RH8 when salt-minion is used for registration
- Improve performance of the System Groups page with many clients
(bsc#1172839)
- Include number of non-patch package updates to non-critical update
counts in system group pages (bsc#1170468)
- Bump XMLRPC API version number to distinguish from Spacewalk 2.10
- Cluster UI: return to overview page after scheduling actions
- Fix NPE on auto installation when no kernel options are given
(bsc#1173932)
- Fix issue with disabling self_update for autoyast autoupgrade
(bsc#1170654)
- Adapt expectations for jobs return events after switching Salt states to
use 'mgrcompat.module_run' state.

spacewalk-utils:

- Add aarch64 for openSUSE Leap 15.1 and 15.2

spacewalk-web:

- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Fix JS linting errors/warnings
- Enable Nutanix AHV virtual host gatherer.
- Web UI: Implement managing maintenance schedules and calendars
- Warn when a system is in multiple groups that configure the same formula
in the system formula's UI (bsc#1173554)
- Add virtual network start, stop and delete actions
- Add virtual network list page
- Fix internal server error when creating module filters in CLM
(bsc#1174325)
- Fix VM creation page when there is no volume in the default storage pool
- Refresh virtualization pages only on events
- Product list in the Wizard doesn't show SLE products first
(bsc#1173522)
- Cluster UI: return to overview page after scheduling actions
- Changes in the logic to update the tick icon.
- For the postgres localhost:5432 case, use the
- Fix internal server errors by returning 0 instead of dying
- Add missing dependency to spacewalk-base-minimal (bsc#678126)
- Change kickstart to autoinstallation in navigation on pxt pages
- Debranding

suseRegisterInfo:

- Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584)

susemanager:

- Migrate all occurrences of kickstart to autoinstall in cobbler database
(bsc#1169780)
- Define bootstrap repo data for SUSE Manager Proxies (bsc#1174470)
- Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
required to get python3-M2crypto (bsc#1174167)

susemanager-doc-indexes:

- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page PDF links, URLs were one step too deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)

susemanager-docs_en:

- Left navigation structure cleaned up
- Fixed several broken xrefs
- Added hostname admonition for public cloud sections
- Clarified Branch Proxy configuration instructions
- Fixed index page PDF links, URLs were one step too deep
- SUSECOM 2020 branding update
- PDF 2020 branding update
- WEBUI 2020 branding update
- Added maintenance window documentation
- Added SLE client chapter
- Added 508 compliance
- Added reverse proxy information to Monitoring in Admin Guide
- Add note about accessibility to index
- In the Upgrade Guide, use Major, Minor, and Patch Level terminology for
versioning.
- Added docs for nutanix VHM
- Ubuntu clients using the CLI in SUMA (bsc#1174025)

susemanager-frontend-libs:

- Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

susemanager-schema:

- Add new states and types for virtual instances in order to support
Nutanix AHV.
- Implement Maintenance Windows
- Add virtual network state change action
- Internal fixes to avoid problems with the idempotency tests

susemanager-sls:

- Fix the dnf plugin to add the token to the HTTP header (bsc#1175724)
- Fix: supply a dnf base when dealing w/repos (bsc#1172504)
- Fix: autorefresh in repos is zypper-only
- Add virtual network state change state to handle start, stop and delete
- Add virtual network state change state to handle start and stop
- Fetch oracle-release when looking for RedHat Product Info (bsc#1173584)
- Force a refresh after deleting a virtual storage volume
- Prevent stuck Hardware Refresh actions on Salt 2016.11.10 based SSH
minions (bsc#1173169)
- Require PyYAML version >= 5.1
- Log out of Docker registries after image build (bsc#1165572)
- Prevent "module.run" deprecation warnings by using custom mgrcompat module

susemanager-sync-data:

- Remove version from centos and oracle linux identifier (bsc#1173584)

uyuni-common-libs:

- Fix issues importing RPM packages with long RPM headers (bsc#1174965)

virtual-host-gatherer:

- Add new gatherer module for Nutanix AHV.

virtualization-host-formula:

- Ensure kernel-default and libvirt-python3 are installed
- Set bridge network as default
- Fix conditionals (bsc#1175791)

yomi-formula:

- Update to version 0.0.1+git.1595952633.b300be2:
* pillar: install always kernel-default
* chroot: python3-base is now a capability
* Move systemctl calls inside chroot
* Network: initial work for network declaration
* MicroOS: Remove tmp subvolume
* Update format following the new standard
* Fix __mount_device wrapper

httpcomponents-core:

- Include the correct package in SUSE Manager Server (no source changes)

httpcomponents-client:

- Include the correct package in SUSE Manager Server (no source changes)

google-gson:

- Include the correct package in SUSE Manager Server (no source changes)

How to apply this update:

1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema: spacewalk-schema-upgrade
5. Start the Spacewalk service: spacewalk-service start


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-2373=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x
x86_64):

golang-github-QubitProducts-exporter_exporter-0.4.0-6.3.6
openvpn-formula-0.1.1-3.3.6
patterns-suma_retail-4.1-6.3.6
patterns-suma_server-4.1-6.3.6
python3-uyuni-common-libs-4.1.6-3.3.6
spacewalk-branding-4.1.9-3.3.6
susemanager-4.1.18-3.3.6
susemanager-tools-4.1.18-3.3.6

- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

cobbler-3.0.0+git20190806.32c4bae0-5.3.6
google-gson-2.8.5-3.2.6
httpcomponents-client-4.5.6-3.2.6
httpcomponents-core-4.4.10-3.2.6
ical4j-3.0.18-3.2.7
image-sync-formula-0.1.1595937550.0285244-3.3.6
mgr-libmod-4.1.4-3.3.6
mgr-osa-dispatcher-4.1.3-2.3.6
prometheus-exporters-formula-0.7.1-3.5.2
pxe-default-image-sle15-4.1.0-Build5.3
python3-mgr-osa-common-4.1.3-2.3.6
python3-mgr-osa-dispatcher-4.1.3-2.3.6
python3-spacewalk-certs-tools-4.1.12-3.3.6
python3-suseRegisterInfo-4.1.3-4.3.6
saltboot-formula-0.1.1595937550.0285244-3.3.6
spacecmd-4.1.6-4.3.6
spacewalk-backend-4.1.14-4.5.2
spacewalk-backend-app-4.1.14-4.5.2
spacewalk-backend-applet-4.1.14-4.5.2
spacewalk-backend-config-files-4.1.14-4.5.2
spacewalk-backend-config-files-common-4.1.14-4.5.2
spacewalk-backend-config-files-tool-4.1.14-4.5.2
spacewalk-backend-iss-4.1.14-4.5.2
spacewalk-backend-iss-export-4.1.14-4.5.2
spacewalk-backend-package-push-server-4.1.14-4.5.2
spacewalk-backend-server-4.1.14-4.5.2
spacewalk-backend-sql-4.1.14-4.5.2
spacewalk-backend-sql-postgresql-4.1.14-4.5.2
spacewalk-backend-tools-4.1.14-4.5.2
spacewalk-backend-xml-export-libs-4.1.14-4.5.2
spacewalk-backend-xmlrpc-4.1.14-4.5.2
spacewalk-base-4.1.15-3.3.6
spacewalk-base-minimal-4.1.15-3.3.6
spacewalk-base-minimal-config-4.1.15-3.3.6
spacewalk-certs-tools-4.1.12-3.3.6
spacewalk-html-4.1.15-3.3.6
spacewalk-java-4.1.18-3.5.3
spacewalk-java-config-4.1.18-3.5.3
spacewalk-java-lib-4.1.18-3.5.3
spacewalk-java-postgresql-4.1.18-3.5.3
spacewalk-taskomatic-4.1.18-3.5.3
spacewalk-utils-4.1.11-3.3.6
spacewalk-utils-extras-4.1.11-3.3.6
suseRegisterInfo-4.1.3-4.3.6
susemanager-doc-indexes-4.1-11.7.2
susemanager-docs_en-4.1-11.7.2
susemanager-docs_en-pdf-4.1-11.7.2
susemanager-frontend-libs-4.1.0-3.3.6
susemanager-schema-4.1.12-3.3.6
susemanager-sls-4.1.14-3.5.2
susemanager-sync-data-4.1.7-3.3.6
susemanager-web-libs-4.1.15-3.3.6
virtual-host-gatherer-1.0.21-4.3.6
virtual-host-gatherer-Kubernetes-1.0.21-4.3.6
virtual-host-gatherer-Nutanix-1.0.21-4.3.6
virtual-host-gatherer-VMware-1.0.21-4.3.6
virtual-host-gatherer-libcloud-1.0.21-4.3.6
virtualization-host-formula-0.5-3.3.1
yomi-formula-0.0.1+git.1595952633.b300be2-3.3.6
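After the five steps above and the zypper command, an administrator will want to confirm that none of the listed packages is still below its fixed version. The following checker is an added example, not part of this advisory and not SUSE or Uyuni tooling: it parses a subset of the advisory's own package list, compares it against the output of `rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n'` using rpm's segment-based version ordering, and reports what is still outstanding. The installed-package sample embedded below is constructed for the example; the version comparison omits epochs and the `^` separator, which is an assumption of this example.

```python
import re
from itertools import zip_longest
from typing import Dict, List, Tuple

VR = Tuple[str, str]  # (version, release)

# Subset of the advisory's "Package List" section, copied from the advisory
# above; the "- SUSE Linux ..." product headers are kept to exercise the parser.
ADVISORY_PACKAGES = """
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
susemanager-4.1.18-3.3.6
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
spacewalk-java-4.1.18-3.5.3
spacewalk-base-4.1.15-3.3.6
susemanager-frontend-libs-4.1.0-3.3.6
spacecmd-4.1.6-4.3.6
pxe-default-image-sle15-4.1.0-Build5.3
virtualization-host-formula-0.5-3.3.1
"""

# Constructed sample of what
#   rpm -qa --queryformat '%{NAME} %{VERSION}-%{RELEASE}\n'
# might print on a server before the patch is applied. These installed
# version numbers are invented for the example, not taken from a real system.
INSTALLED_SAMPLE = """
spacewalk-java 4.1.17-3.3.2
spacewalk-base 4.1.15-3.3.6
susemanager-frontend-libs 4.1.0-2.3.1
spacecmd 4.1.7-1.3.1
susemanager 4.1.18-3.3.6
bash 4.4-9.10.1
"""

_SEGMENT = re.compile(r"\d+|[A-Za-z]+|~")


def rpmvercmp(a: str, b: str) -> int:
    """Order two version (or release) strings the way rpm does; returns -1, 0 or 1.

    Strings are split into runs of digits and runs of letters; other characters
    only separate segments. Numeric segments compare as integers, alphabetic ones
    as strings, a numeric segment beats an alphabetic one, and a longer string
    beats its own prefix. A tilde sorts before anything, including the end of the
    string, so 1.0~rc1 < 1.0. Epochs and '^' are left out (assumption of this example).
    """
    if a == b:
        return 0
    for x, y in zip_longest(_SEGMENT.findall(a), _SEGMENT.findall(b)):
        if x == "~" or y == "~":
            if x != "~":
                return 1
            if y != "~":
                return -1
            continue
        if x is None:
            return -1
        if y is None:
            return 1
        x_num, y_num = x.isdigit(), y.isdigit()
        if x_num and y_num:
            if int(x) != int(y):
                return -1 if int(x) < int(y) else 1
        elif x_num != y_num:
            return 1 if x_num else -1
        elif x != y:
            return -1 if x < y else 1
    return 0


def evr_cmp(a: VR, b: VR) -> int:
    """Compare (version, release) pairs: version decides first, then release."""
    return rpmvercmp(a[0], b[0]) or rpmvercmp(a[1], b[1])


def parse_advisory(text: str) -> Dict[str, VR]:
    """Map package name -> (version, release) from advisory 'name-ver-rel' lines."""
    fixed: Dict[str, VR] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("-"):
            continue  # blank line or product header
        # rpm forbids '-' inside version and release, so the last two dashes split cleanly
        name, version, release = line.rsplit("-", 2)
        fixed[name] = (version, release)
    return fixed


def parse_installed(text: str) -> Dict[str, VR]:
    """Map package name -> (version, release) from 'NAME VERSION-RELEASE' lines."""
    installed: Dict[str, VR] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name, vr = line.split()
        version, release = vr.split("-", 1)
        installed[name] = (version, release)
    return installed


def outstanding(advisory: Dict[str, VR], installed: Dict[str, VR]) -> List[Tuple[str, str, str]]:
    """Installed packages still below the advisory's fixed version, as (name, have, want).

    Packages the advisory lists but that are not installed are skipped: the
    update simply does not apply to them.
    """
    result = []
    for name, fixed in advisory.items():
        current = installed.get(name)
        if current is not None and evr_cmp(current, fixed) < 0:
            result.append((name, "-".join(current), "-".join(fixed)))
    return sorted(result)


if __name__ == "__main__":
    pending = outstanding(parse_advisory(ADVISORY_PACKAGES), parse_installed(INSTALLED_SAMPLE))
    for name, have, want in pending:
        print(f"{name}: installed {have}, advisory requires {want}")
    if not pending:
        print("all listed packages are at or above the fixed versions")
```

On a real server, replace `INSTALLED_SAMPLE` with the output of the rpm query shown in the comment and `ADVISORY_PACKAGES` with the full Package List above; an empty result after step 5 means the jQuery fix for CVE-2020-11022 (susemanager-frontend-libs, spacewalk-java, spacewalk-web) and the other listed packages are all at or beyond the advisory's versions.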


References:

https://www.suse.com/security/cve/CVE-2020-11022.html
https://bugzilla.suse.com/1136857
https://bugzilla.suse.com/1165572
https://bugzilla.suse.com/1169553
https://bugzilla.suse.com/1169780
https://bugzilla.suse.com/1170244
https://bugzilla.suse.com/1170468
https://bugzilla.suse.com/1170654
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172279
https://bugzilla.suse.com/1172504
https://bugzilla.suse.com/1172709
https://bugzilla.suse.com/1172807
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1172839
https://bugzilla.suse.com/1173169
https://bugzilla.suse.com/1173522
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1173566
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1173932
https://bugzilla.suse.com/1173982
https://bugzilla.suse.com/1173997
https://bugzilla.suse.com/1174025
https://bugzilla.suse.com/1174167
https://bugzilla.suse.com/1174229
https://bugzilla.suse.com/1174325
https://bugzilla.suse.com/1174405
https://bugzilla.suse.com/1174470
https://bugzilla.suse.com/1174965
https://bugzilla.suse.com/1175485
https://bugzilla.suse.com/1175555
https://bugzilla.suse.com/1175558
https://bugzilla.suse.com/1175724
https://bugzilla.suse.com/1175791
https://bugzilla.suse.com/678126

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates