Security: Two issues in SUSE Manager Server 4.1
Name: Two issues in SUSE Manager Server 4.1
ID: SUSE-SU-2021:2098-1
Distribution: SUSE
Platforms: SUSE Linux Enterprise Module for SUSE Manager Server 4.1
Date: Tue, 22 June 2021, 07:48
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31607
Applications: SUSE Manager Server 4.1

Original message
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2098-1
Rating: moderate
References: #1151558 #1172711 #1175216 #1178767 #1180673 #1182744 #1183573 #1183649 #1183845 #1183864 #1184005 #1184286 #1184311 #1184332 #1184351 #1184361 #1184471 #1184475 #1184561 #1184617 #1184849 #1184892 #1184929 #1184940 #1185042 #1185097 #1185281 #1185506 #1185568 #1185965 #1186025 #1186124 #1186346 #1186508 #1186765 #1186852 #1186858
Cross-References: CVE-2021-28657 CVE-2021-31607
CVSS scores:
  CVE-2021-28657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2021-28657 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
  CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves two vulnerabilities and has 35 fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Make `fence_ipmitool` a wrapper for `fence_ipmilan`, always using `lanplus`. (bsc#1184361)
- Remove unused template for `fence_ipmitool`.
- Prevent some race conditions when writing tftpboot files and the destination directory does not exist. (bsc#1186124)
- Fix trail stripping in case of using UTF symbols. (bsc#1184561)
golang-github-prometheus-node_exporter:
- Update to 1.1.2
  * Bug fixes
    + Handle errors from disabled PSI subsystem
    + Sanitize strings from /sys/class/power_supply
    + Silence missing netclass errors
    + Fix ineffassign issue
    + Fix some noisy log lines
    + filesystem_freebsd: Fix label values
    + Fix various procfs parsing errors
    + Handle no data from powersupplyclass
    + udp_queues_linux.go: change upd to udp in two error strings
    + Fix node_scrape_collector_success behaviour
    + Fix NodeRAIDDegraded to not use a string rule expressions
    + Fix node_md_disks state label from fail to failed
    + Handle EPERM for syscall in timex collector
    + bcache: fix typo in a metric name
    + Fix XFS read/write stats
  * Changes
    + Improve filter flag names
    + Add btrfs and powersupplyclass to list of exporters enabled by default
  * Features
    + Add fibre channel collector
    + Expose cpu bugs and flags as info metrics
    + Add network_route collector
    + Add zoneinfo collector
  * Enhancements
    + Add more InfiniBand counters
    + Add flag to aggr ipvs metrics to avoid high cardinality metrics
    + Adding backlog/current queue length to qdisc collector
    + Include TCP OutRsts in netstat metrics
    + Add pool size to entropy collector
    + Remove CGO dependencies for OpenBSD amd64
    + bcache: add writeback_rate_debug status
    + Add check state for mdadm arrays via node_md_state metric
    + Expose XFS inode statistics
    + Expose zfs zpool state
    + Added an ability to pass collector.supervisord.url via SUPERVISORD_URL environment variable
- Do not include sources (bsc#1151558)
- Remove rc symlink
grafana-formula:
- Fix Grafana dashboards requiring single series (bsc#1184471)
patterns-suse-manager:
- Add require for py27-compat-salt (salt 3002 does not provide python2-salt anymore)
prometheus-exporter-formula:
- Add support for schema migration (bsc#1186025)
pxe-yomi-image-sle15:
- Remove PermitEmptyPasswords from SSH config (Fix bsc#1182744)
py26-compat-salt:
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
spacewalk-admin:
- Stop jabberd when osa-dispatcher is enabled (bsc#1185042)
spacewalk-backend:
- Fix binary blob corruptions in traditional config file deployment (bsc#1183864)
- Fix for GPG checking on synchronizing mirrored dpkg repo (bsc#1184351)
- Switch to www group for satellite logs (bsc#1185097)
- Fail traditional errata and package actions when they act on retracted items
- Add advisory_status to reposync and ISS
- Add minrate/timeout configuration values for downloading DEB/RPM packages
spacewalk-branding:
- Add the CSS class for retracted errata/packages
spacewalk-certs-tools:
- Add support of DISABLE_LOCAL_REPOS=0 for salt minions (bsc#1185568)
- Add missing environment variable SALT_RUNNING for pkg module to the minion configuration
- Fix typo: activaion -> activation
spacewalk-java:
- Change Prometheus exporters formula data schema to make it more generic and extendable
- Do not require advisory_status to be set in ErrataHandler.create (bsc#1185965)
- Speed up pages to compare or add packages to channels (bsc#1178767)
- Bugfix: Remove the unneeded check that was stopping updating a virtual instance type (bsc#1180673)
- Exclude minions from the list of locally-managed/sandbox systems when copying config files (bsc#1184940)
- Lower case fqdn comparison when calculating minion connection path (bsc#1184849)
- Bugfix: Retracted Patches: Filter minion correctly when executing package install (bsc#1184929)
- Implement retracted patches
- For a SUSE system get metadata and package from same source (bsc#1184475)
- Check if the directory exists prior to modular data cleanup (bsc#1184311)
- Assign right base product for res8 (bsc#1184005)
- Fix docs link in my organization configuration (bsc#1184286)
- Only update the kickstart path in cobbler if necessary (bsc#1175216)
spacewalk-utils:
- Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports
- Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04
spacewalk-web:
- Upgrade react-select to 4.3.0 and lodash to 4.17.21
- Show the info about unsynced patches in the Content Lifecycle Management screens
susemanager:
- Add bootstrap repo data for SUSE Manager 4.1 Proxy
- Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15
- Add bootstrap repo data for OES2018-SP3-x86_64 (bsc#1183845)
- Enable bootstrap repository creation for openSUSE Leap 15.3 for Uyuni
- Add python3-distro to RES8, SLE15, Ubuntu20.04 and Debian 10 bootstrap repositories to fix bootstrapping issues (bsc#1184332)
- Add python3-pycryptodome to Ubuntu and Debian 10 bootstrap repos (bsc#1186346)
- Add gnupg and its dependencies to Debian 10 bootstrap repo
susemanager-build-keys:
- Add SUSE Linux Enterprise 15-SP3 Updates for openSUSE Leap 15.3 key (bsc#1186852)
susemanager-doc-indexes:
- Adds additional dependencies for Debian client registration in Client Configuration Guide (bsc#1183649)
- Remove some openSUSE Leap 15.1 references
- Add reposync configuration settings to Troubleshooting chapter of the Administration Guide
- Update the entry about module.run for SAP Guide
susemanager-docs_en:
- Adds additional dependencies for Debian client registration in Client Configuration Guide (bsc#1183649)
- Remove some openSUSE Leap 15.1 references
- Add reposync configuration settings to Troubleshooting chapter of the Administration Guide
- Update the entry about module.run for SAP Guide
susemanager-schema:
- DB schema & migrations for retracted patches
susemanager-sls:
- Exclude openSUSE Leap 15.3 from product installation (bsc#1186858)
- Enable certificate deployment for Leap 15.3 clients which is needed for bootstrapping (bsc#1186765)
- Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)
- Add support for 'disable_local_repos' salt minion config parameter (bsc#1185568)
- Fix insecure JMX configuration (bsc#1184617)
- Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)
- Keep salt-minion when it is installed to prevent update problems with dependent packages not available in the bootstrap repo (bsc#1183573)
- Fix installation of gnupg on Debian 10
susemanager-sync-data:
- Add OES2018 SP3 (bsc#1183845)
tika-core:
- New upstream version 1.26.
  * Infinite loop in the MP3Parser (bsc#1184892 CVE-2021-28657)
  * Out of memory error while loading a file in PDFBox before 2.0.23.
  * Infinite loop while loading a file in PDFBox before 2.0.23.
  * System.exit vulnerability in Tika's OneNote Parser; out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser.
  * Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser
  * Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser
uyuni-common-libs:
- Maintainer field in Debian packages is only recommended (bsc#1186508)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2098=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  golang-github-prometheus-node_exporter-1.1.2-3.6.5
  patterns-suma_retail-4.1-6.9.2
  patterns-suma_server-4.1-6.9.2
  python3-uyuni-common-libs-4.1.8-3.9.1
  spacewalk-branding-4.1.12-3.12.2
  susemanager-4.1.26-3.25.1
  susemanager-tools-4.1.26-3.25.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
  cobbler-3.0.0+git20190806.32c4bae0-5.11.1
  grafana-formula-0.4.1-3.9.2
  prometheus-exporters-formula-0.9.1-3.22.1
  py26-compat-salt-2016.11.10-6.14.2
  py27-compat-salt-3000.3-6.3.2
  python3-spacewalk-certs-tools-4.1.17-3.17.2
  spacewalk-admin-4.1.9-3.12.2
  spacewalk-backend-4.1.25-4.32.6
  spacewalk-backend-app-4.1.25-4.32.6
  spacewalk-backend-applet-4.1.25-4.32.6
  spacewalk-backend-config-files-4.1.25-4.32.6
  spacewalk-backend-config-files-common-4.1.25-4.32.6
  spacewalk-backend-config-files-tool-4.1.25-4.32.6
  spacewalk-backend-iss-4.1.25-4.32.6
  spacewalk-backend-iss-export-4.1.25-4.32.6
  spacewalk-backend-package-push-server-4.1.25-4.32.6
  spacewalk-backend-server-4.1.25-4.32.6
  spacewalk-backend-sql-4.1.25-4.32.6
  spacewalk-backend-sql-postgresql-4.1.25-4.32.6
  spacewalk-backend-tools-4.1.25-4.32.6
  spacewalk-backend-xml-export-libs-4.1.25-4.32.6
  spacewalk-backend-xmlrpc-4.1.25-4.32.6
  spacewalk-base-4.1.26-3.24.8
  spacewalk-base-minimal-4.1.26-3.24.8
  spacewalk-base-minimal-config-4.1.26-3.24.8
  spacewalk-certs-tools-4.1.17-3.17.2
  spacewalk-html-4.1.26-3.24.8
  spacewalk-java-4.1.36-3.44.1
  spacewalk-java-config-4.1.36-3.44.1
  spacewalk-java-lib-4.1.36-3.44.1
  spacewalk-java-postgresql-4.1.36-3.44.1
  spacewalk-taskomatic-4.1.36-3.44.1
  spacewalk-utils-4.1.16-3.18.2
  spacewalk-utils-extras-4.1.16-3.18.2
  susemanager-build-keys-15.2.4-3.17.1
  susemanager-build-keys-web-15.2.4-3.17.1
  susemanager-doc-indexes-4.1-11.34.8
  susemanager-docs_en-4.1-11.34.2
  susemanager-docs_en-pdf-4.1-11.34.2
  susemanager-schema-4.1.21-3.30.6
  susemanager-sls-4.1.28-3.42.1
  susemanager-sync-data-4.1.14-3.23.2
  susemanager-web-libs-4.1.26-3.24.8
  tika-core-1.26-3.5.2
  uyuni-config-modules-4.1.28-3.42.1
References:
https://www.suse.com/security/cve/CVE-2021-28657.html
https://www.suse.com/security/cve/CVE-2021-31607.html
https://bugzilla.suse.com/1151558
https://bugzilla.suse.com/1172711
https://bugzilla.suse.com/1175216
https://bugzilla.suse.com/1178767
https://bugzilla.suse.com/1180673
https://bugzilla.suse.com/1182744
https://bugzilla.suse.com/1183573
https://bugzilla.suse.com/1183649
https://bugzilla.suse.com/1183845
https://bugzilla.suse.com/1183864
https://bugzilla.suse.com/1184005
https://bugzilla.suse.com/1184286
https://bugzilla.suse.com/1184311
https://bugzilla.suse.com/1184332
https://bugzilla.suse.com/1184351
https://bugzilla.suse.com/1184361
https://bugzilla.suse.com/1184471
https://bugzilla.suse.com/1184475
https://bugzilla.suse.com/1184561
https://bugzilla.suse.com/1184617
https://bugzilla.suse.com/1184849
https://bugzilla.suse.com/1184892
https://bugzilla.suse.com/1184929
https://bugzilla.suse.com/1184940
https://bugzilla.suse.com/1185042
https://bugzilla.suse.com/1185097
https://bugzilla.suse.com/1185281
https://bugzilla.suse.com/1185506
https://bugzilla.suse.com/1185568
https://bugzilla.suse.com/1185965
https://bugzilla.suse.com/1186025
https://bugzilla.suse.com/1186124
https://bugzilla.suse.com/1186346
https://bugzilla.suse.com/1186508
https://bugzilla.suse.com/1186765
https://bugzilla.suse.com/1186852
https://bugzilla.suse.com/1186858