
Security: Missing permission check in SUSE Manager Proxy
Name: Missing permission check in SUSE Manager Proxy
ID: SUSE-SU-2020:2650-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
Date: Wed, 16 September 2020, 19:26
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Applications: SUSE Manager Proxy

Original message


SUSE Security Update: Security update for SUSE Manager Proxy 4.0
______________________________________________________________________________

Announcement ID: SUSE-SU-2020:2650-1
Rating: moderate
References: #1167907 #1169664 #1171281 #1172831 #1173535
#1173554 #1174201 #1175224 #1175889
Cross-References: CVE-2020-11022
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is
now available.

Description:


This update fixes the following issues:

spacecmd:

- Python3 fixes for errata in spacecmd (bsc#1169664)
- Python3 fix for sorted usage (bsc#1167907)
- Fix softwarechannel_listlatestpackages throwing error on empty channels
(bsc#1175889)
- Fix escaping of package names (bsc#1171281)

spacewalk-certs-tools:

- Add option --nostricthostkeychecking to spacewalk-ssh-push-init
- Strip SSL Certificate Common Name after 63 Characters (bsc#1173535)

spacewalk-proxy:

- Python3 fix for loading pickle file during kickstart procedure
(bsc#1174201)

spacewalk-web:

- Fix login page after jQuery upgrade (bsc#1175224)
- Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
- Warn when a system is in multiple groups that configure the same formula
in the system formula's UI (bsc#1173554)

How to apply this update:

1. Log in as root user to the SUSE Manager proxy.
2. Stop the proxy service: spacewalk-proxy stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: spacewalk-proxy start


Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0:

zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.0-2020-2650=1



Package List:

- SUSE Linux Enterprise Module for SUSE Manager Proxy 4.0 (noarch):

python3-spacewalk-certs-tools-4.0.17-3.21.3
spacecmd-4.0.20-3.19.2
spacewalk-base-minimal-4.0.23-3.30.3
spacewalk-base-minimal-config-4.0.23-3.30.3
spacewalk-certs-tools-4.0.17-3.21.3
spacewalk-proxy-broker-4.0.14-3.10.3
spacewalk-proxy-common-4.0.14-3.10.3
spacewalk-proxy-management-4.0.14-3.10.3
spacewalk-proxy-package-manager-4.0.14-3.10.3
spacewalk-proxy-redirect-4.0.14-3.10.3
spacewalk-proxy-salt-4.0.14-3.10.3


References:

https://www.suse.com/security/cve/CVE-2020-11022.html
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172831
https://bugzilla.suse.com/1173535
https://bugzilla.suse.com/1173554
https://bugzilla.suse.com/1174201
https://bugzilla.suse.com/1175224
https://bugzilla.suse.com/1175889

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
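
An added example, not part of the SUSE advisory or of SUSE's tooling: after applying the update, this POSIX shell check compares an rpm inventory against the fixed builds from the package list above and reports anything still older. The function names and the sample inventory are constructed, and the comparison is a simplification that handles only dotted numeric version-release strings like the ones in this advisory, not full RPM version ordering.

```shell
# Fixed builds, copied from the advisory's package list (name version-release).
FIXED='python3-spacewalk-certs-tools 4.0.17-3.21.3
spacecmd 4.0.20-3.19.2
spacewalk-base-minimal 4.0.23-3.30.3
spacewalk-base-minimal-config 4.0.23-3.30.3
spacewalk-certs-tools 4.0.17-3.21.3
spacewalk-proxy-broker 4.0.14-3.10.3
spacewalk-proxy-common 4.0.14-3.10.3
spacewalk-proxy-management 4.0.14-3.10.3
spacewalk-proxy-package-manager 4.0.14-3.10.3
spacewalk-proxy-redirect 4.0.14-3.10.3
spacewalk-proxy-salt 4.0.14-3.10.3'

# ver_ge HAVE FIXED: succeeds when HAVE >= FIXED. Simplified comparison
# (assumption: numeric dotted fields only; no epochs, letters or tildes).
ver_ge() {
  awk -v a="$1" -v b="$2" '
    function cmp(p, q,    x, y, n, m, i) {
      n = split(p, x, /[^0-9]+/); m = split(q, y, /[^0-9]+/)
      if (m > n) n = m
      for (i = 1; i <= n; i++)
        if (x[i] + 0 != y[i] + 0) return (x[i] + 0 > y[i] + 0) ? 1 : -1
      return 0
    }
    BEGIN {
      split(a, A, "-"); split(b, B, "-")   # [1] = version, [2] = release
      c = cmp(A[1], B[1]); if (c == 0) c = cmp(A[2], B[2])
      exit (c < 0)
    }'
}

# check_inventory: reads "name version-release" lines on stdin, prints every
# installed package still below its fixed build, returns 1 if any was found.
check_inventory() {
  inv=$(cat); rc=0
  while read -r name fixed; do
    have=$(printf '%s\n' "$inv" | awk -v n="$name" '$1 == n { print $2; exit }')
    [ -n "$have" ] || continue            # not installed on this host
    if ! ver_ge "$have" "$fixed"; then
      echo "OUTDATED $name $have < $fixed"; rc=1
    fi
  done <<EOF
$FIXED
EOF
  return "$rc"
}

# Constructed sample inventory (not from a real host). On a proxy, feed it:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | check_inventory
printf '%s\n' 'spacecmd 4.0.20-3.19.2' 'spacewalk-base-minimal 4.0.22-3.27.1' | check_inventory || true
```

A non-zero return means at least one installed package predates the build listed in this advisory, so the patch has not been fully applied on that host.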