drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Zwei Probleme in SUSE Manager Server 4.0
Name: |
Zwei Probleme in SUSE Manager Server 4.0 |
|
ID: |
SUSE-SU-2021:2114-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Module for SUSE Manager Server 4.0 |
|
Datum: |
Di, 22. Juni 2021, 07:48 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31607
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28657 |
|
Applikationen: |
SUSE Manager Server 4.0 |
|
Originalnachricht |
SUSE Security Update: Security update for SUSE Manager Server 4.0 ______________________________________________________________________________
Announcement ID: SUSE-SU-2021:2114-1 Rating: moderate References: #1172711 #1182817 #1184005 #1184283 #1184311 #1184332 #1184361 #1184471 #1184475 #1184561 #1184617 #1184861 #1184892 #1185097 #1185281 #1185506 #1186124 #1186346 #1186508 Cross-References: CVE-2021-28657 CVE-2021-31607 CVSS scores: CVE-2021-28657 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-28657 (SUSE): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.0 ______________________________________________________________________________
An update that solves two vulnerabilities and has 17 fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Make "fence_ipmitool" a wrapper for "fence_ipmilan" using always lanplus (bsc#1184361) - Remove unused template for fence_ipmitool. - Prevent some race conditions when writing tftpboot files and the destination directory is not existing (bsc#1186124) - Fix trail stripping in case of using UTF symbols (bsc#1184561)
grafana-formula:
- Fix Grafana dashboards requiring single series (bsc#1184471)
patterns-suse-manager:
- Add require for py27-compat-salt (salt 3002 does not provide python2-salt anymore)
prometheus-exporters-formula:
- Move exporters configurations to dedicated group `prometheus_exporters` - Add formula data schema migration script - This version changes the formula data schema and is not backwards compatible. Downgrading from this version will require reconfiguring the formula for all your minions. - Add Ubuntu support for Prometheus exporters' reverse proxy
pxe-default-image-sle15:
- Adapt rpm-properties.xml for containment-rpm-pxe v0.2.1 and newer
py26-compat-salt:
- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)
spacewalk-backend:
- Maintainer field in debian packages are only recommended (bsc#1186508) - Switch to www group for satellite logs (bsc#1185097)
spacewalk-java:
- Change Prometheus exporters formula data schema to make it more generic and extendable - Adapt logging for testing accessability of URLs (bsc#1182817) - Fix problem reading product_tree.json from wrong location in offline setups (bsc#1184283) - For a SUSE system get metadata and package from same source (bsc#1184475) - Check if the directory exists prior to modular data cleanup (bsc#1184311) - Assign right base product for res8 (bsc#1184005) - Fix check for for mirrorlist URLs when refreshing products (bsc#1184861)
spacewalk-utils:
- Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports - Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04
spacewalk-web:
- Update the WebUI version to 4.0.14
susemanager:
- Add python3-pycryptodome to Ubuntu 18 and 20 bootstrap repos (bsc#1186346) - Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15 - Add python3-distro to RES8, SLE15 and Ubuntu20.04 bootstrap repositories to fix bootstrapping issues (bsc#1184332)
susemanager-doc-indexes:
- Update for Disconnected Setup chapter in Administration Guide
susemanager-docs_en:
- Update for Disconnected Setup chapter in Administration Guide
susemanager-sls:
- Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506) - Fix insecure JMX configuration (bsc#1184617) - Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)
tika-core:
- New upstream version 1.26. Fixes: * Infinite loop in the MP3Parser (bsc#1184892, CVE-2021-28657) * Out of memory error while loading a file in PDFBox before 2.0.23. * Infinite loop while loading a file in PDFBox before 2.0.23. * System.exit vulnerability in Tika's OneNote Parser; out of memory errors and/or infinite loops in Tika's ICNSParser, MP3Parser, MP4Parser, SAS7BDATParser, OneNoteParser and ImageParser. * Excessive memory usage (DoS) vulnerability in Apache Tika's PSDParser * Infinite Loop (DoS) vulnerability in Apache Tika's PSDParser
How to apply this update: 1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Upgrade the database schema: `spacewalk-schema-upgrade` 5. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-2114=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x x86_64):
patterns-suma_retail-4.0-9.19.3 patterns-suma_server-4.0-9.19.3 susemanager-4.0.34-3.52.3 susemanager-tools-4.0.34-3.52.3
- SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
cobbler-3.0.0+git20190806.32c4bae0-7.22.3 grafana-formula-0.2.3-4.16.3 prometheus-exporters-formula-0.7.6-3.19.3 pxe-default-image-sle15-4.0.1-20210621145802 py26-compat-salt-2016.11.10-10.28.3 py27-compat-salt-3000.3-4.3.3 python3-spacewalk-backend-libs-4.0.38-3.47.4 spacewalk-backend-4.0.38-3.47.4 spacewalk-backend-app-4.0.38-3.47.4 spacewalk-backend-applet-4.0.38-3.47.4 spacewalk-backend-config-files-4.0.38-3.47.4 spacewalk-backend-config-files-common-4.0.38-3.47.4 spacewalk-backend-config-files-tool-4.0.38-3.47.4 spacewalk-backend-iss-4.0.38-3.47.4 spacewalk-backend-iss-export-4.0.38-3.47.4 spacewalk-backend-package-push-server-4.0.38-3.47.4 spacewalk-backend-server-4.0.38-3.47.4 spacewalk-backend-sql-4.0.38-3.47.4 spacewalk-backend-sql-postgresql-4.0.38-3.47.4 spacewalk-backend-tools-4.0.38-3.47.4 spacewalk-backend-xml-export-libs-4.0.38-3.47.4 spacewalk-backend-xmlrpc-4.0.38-3.47.4 spacewalk-base-4.0.28-3.45.1 spacewalk-base-minimal-4.0.28-3.45.1 spacewalk-base-minimal-config-4.0.28-3.45.1 spacewalk-html-4.0.28-3.45.1 spacewalk-java-4.0.44-3.57.5 spacewalk-java-config-4.0.44-3.57.5 spacewalk-java-lib-4.0.44-3.57.5 spacewalk-java-postgresql-4.0.44-3.57.5 spacewalk-taskomatic-4.0.44-3.57.5 spacewalk-utils-4.0.21-3.30.3 susemanager-doc-indexes-4.0-10.36.4 susemanager-docs_en-4.0-10.36.3 susemanager-docs_en-pdf-4.0-10.36.3 susemanager-sls-4.0.35-3.48.3 susemanager-web-libs-4.0.28-3.45.1 tika-core-1.26-3.6.3
References:
https://www.suse.com/security/cve/CVE-2021-28657.html https://www.suse.com/security/cve/CVE-2021-31607.html https://bugzilla.suse.com/1172711 https://bugzilla.suse.com/1182817 https://bugzilla.suse.com/1184005 https://bugzilla.suse.com/1184283 https://bugzilla.suse.com/1184311 https://bugzilla.suse.com/1184332 https://bugzilla.suse.com/1184361 https://bugzilla.suse.com/1184471 https://bugzilla.suse.com/1184475 https://bugzilla.suse.com/1184561 https://bugzilla.suse.com/1184617 https://bugzilla.suse.com/1184861 https://bugzilla.suse.com/1184892 https://bugzilla.suse.com/1185097 https://bugzilla.suse.com/1185281 https://bugzilla.suse.com/1185506 https://bugzilla.suse.com/1186124 https://bugzilla.suse.com/1186346 https://bugzilla.suse.com/1186508
|
|
|
|