drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mehrere Probleme in SUSE Manager Server 4.2
Name: |
Mehrere Probleme in SUSE Manager Server 4.2 |
|
ID: |
SUSE-SU-2022:3314-1 |
|
Distribution: |
SUSE |
|
Plattformen: |
SUSE Linux Enterprise Module for SUSE Manager Server 4.2, SUSE Manager Server 4.2 |
|
Datum: |
Mo, 19. September 2022, 23:29 |
|
Referenzen: |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41411
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31129
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43138 |
|
Applikationen: |
SUSE Manager Server 4.2 |
|
Originalnachricht |
SUSE Security Update: Security update for SUSE Manager Server 4.2 ______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3314-1 Rating: critical References: #1172705 #1187028 #1195455 #1195895 #1196729 #1198168 #1198489 #1198738 #1198903 #1199372 #1199659 #1199913 #1199950 #1200276 #1200296 #1200480 #1200532 #1200573 #1200591 #1200629 #1201142 #1201189 #1201210 #1201220 #1201224 #1201527 #1201606 #1201607 #1201626 #1201753 #1201913 #1201918 #1202142 #1202272 #1202464 #1202728 #1203287 #1203288 #1203449 Cross-References: CVE-2021-41411 CVE-2021-42740 CVE-2021-43138 CVE-2022-31129 CVSS scores: CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-43138 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-43138 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31129 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-31129 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products: SUSE Linux Enterprise Module for SUSE Manager Server 4.2 SUSE Manager Server 4.2 ______________________________________________________________________________
An update that solves four vulnerabilities and has 35 fixes is now available.
Description:
This update fixes the following issues:
drools:
- CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629)
httpcomponents-asyncclient:
- Provide maven metadata needed by other packages to build
image-sync-formula:
- Update to version 0.1.1661440526.b08d95b * Add option to sort boot images by version (bsc#1196729)
inter-server-sync:
- Version 0.2.3 * Compress exported sql data #16631 * Add gzip dependency to decompress data file during import process
patterns-suse-manager:
- Strictly require OpenJDK 11 (bsc#1202142)
py27-compat-salt:
- Add support for gpgautoimport in zypperpkg module - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Add support for name, pkgs and diff_attr parameters to upgrade function for zypper and yum (bsc#1198489) - Unify logic on using multiple requisites and add onfail_all (bsc#1198738) - Normalize package names once with pkg.installed/removed using yum (bsc#1195895)
salt-netapi-client:
- Declare the LICENSE file as license and not doc - Adapted for Enterprise Linux 9. - Version 0.20.0 * See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.20.0
saltboot-formula:
- Update to version 0.1.1661440526.b08d95b * Fallback to local boot if the configured image is not synced * improve image url modifications - preparation for ftp/http changes
spacecmd:
- Version 4.2.19-1 * Process date values in spacecmd api calls (bsc#1198903) * Show correct help on calling kickstart_importjson with no arguments * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
spacewalk-admin:
- Version 4.2.12-1 * Add --help option to mgr-monitoring-ctl
spacewalk-backend:
- Version 4.2.24-1 * Make reposync use the configured http proxy with mirrorlist (bsc#1198168) * Revert proxy listChannels token caching pr#4548 * cleanup leftovers from removing unused xmlrpc endpoint
spacewalk-certs-tools:
- Version 4.2.18-1 * traditional stack bootstrap: install product packages (bsc#1201142)
spacewalk-client-tools:
- Version 4.2.20-1 * Update translation strings
spacewalk-java:
- Version 4.2.41-1 * Fixed date format on scheduler related messages (bsc#1195455) * Support inherited values for kernel options from Cobbler API (bsc#1199913) * Add channel availability check for product migration (bsc#1200296) * Check if system has all formulas correctly assigned (bsc#1201607) * Remove group formula assignments and data on group delete (bsc#1201606) * Fix sync for external repositories (bsc#1201753) * fix state.apply result parsing in test mode (bsc#1201913) * Reduce the length of image channel URL (bsc#1201220) * Calculate dependencies between cloned channels of vendor channels (bsc#1201626) * fix symlinks pointing to ongres-stringprep * Modify parameter type when communicating with the search server (bsc#1187028) * Fix initial profile and build host on Image Build page (bsc#1199659) * Fix the confirm message on the refresh action by adding a link to pending actions on it (bsc#1172705) * require new salt-netapi-client version * Clean grub2 reinstall entry in autoyast snippet (bsc#1199950)
spacewalk-search:
- Version 4.2.8-1 * Add methods to handle session id as String
spacewalk-web:
- Version 4.2.29-1 * CVE-2021-43138: Obtain privileges via the `mapValues()` method. (bsc#1200480) * CVE-2021-42740: Command injection in the shell-quote package. (bsc#1203287) * CVE-2022-31129: Denial-of-Service moment: inefficient parsing algorithm (bsc#1203288) * Fix table header layout for unselectable tables * Fix initial profile and build host on Image Build page (bsc#1199659)
subscription-matcher:
- Added Guava maximum version requirement.
susemanager:
- Version 4.2.37-1 * mark new dependencies for python-py optional in bootstrap repo to fix generation for older service packs (bsc#1203449) - Version 4.2.36-1 * add missing packages on SLES 15 * remove server-migrator.sh from SUSE Manager installations (bsc#1202728) * mgr-create-bootstrap-repo: flush directory also when called for a specific label (bsc#1200573) * add missing packages on SLES 12 SP5 bootstrap repo (bsc#1201918) * remove python-tornado from bootstrap repo, since no longer required for salt version >= 3000 * add openSUSE 15.4 product (bsc#1201527) * add clients tool product to generate bootstrap repo on openSUSE 15.x (bsc#1201189)
susemanager-doc-indexes:
- Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464) - Documented how to onboard Ubuntu clients with the Salt bundle as a regular user - Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user - Fixed the names of updates channels for Leap - Fixed errors in OpenSCAP chapter of Administration Guide - Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin - Removed CentOS 8 from the list of supported client systems - Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210) - Reverted single snippet change for two separate books - Added extend Salt Bundle functionality with Python packages using pip - Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH - Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin - Salt Configuration Modules are no longer Technology Preview in Salt Guide. - Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224) - Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532) - In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly. - Removed SUSE Linux Enterprise 11 from the list of supported client systems
susemanager-docs_en:
- Documented mandatory channels in the Disconnected Setup chapter of the Administration Guide (bsc#1202464) - Documented how to onboard Ubuntu clients with the Salt bundle as a regular user - Documented how to onboard Debian clients with the Salt bundle or plain Salt as a regular user - Fixed the names of updates channels for Leap - Fixed errors in OpenSCAP chapter of Administration Guide - Added exact command to create the bootstrap repo for Salt bundle and about how to disable salt-thin - Removed CentOS 8 from the list of supported client systems - Extend the notes about using noexec option for /tmp and /var/tmp (bsc#1201210) - Reverted single snippet change for two separate books - Added extend Salt Bundle functionality with Python packages using pip - Add missing part of the description to enable optional support of the Salt Bundle with Salt SSH - Added exact command to create the bootstrap repo for salt bundle and about how to disable salt-thin - Salt Configuration Modules are no longer Technology Preview in Salt Guide. - Fixed Ubuntu 18 Client registration in Client Configuration Guide (bsc#1201224) - Added ports 1232 and 1233 in the Ports section of the Installation and Upgrade Guide; required for Salt SSH Push (bsc#1200532) - In the Custom Channel section of the Administration Guide add a note about synchronizing repositories regularly. - Removed SUSE Linux Enterprise 11 from the list of supported client systems
susemanager-schema:
- Version 4.2.24-1 * Fix migration of image actions (bsc#1202272)
susemanager-sls:
- Version 4.2.27-1 * Copy grains file with util.mgr_switch_to_venv_minion state apply * Remove the message 'rpm: command not found' on using Salt SSH with Debian based systems which has no Salt Bundle * Prevent possible tracebacks on calling module.run from mgrcompat by setting proper globals with using LazyLoader * Fix deploy of SLE Micro CA Certificate (bsc#1200276)
uyuni-common-libs:
- Version 4.2.7-1 * Do not allow creating path if nonexistent user or group in fileutils.
How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3314=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
inter-server-sync-0.2.3-150300.8.22.2 inter-server-sync-debuginfo-0.2.3-150300.8.22.2 patterns-suma_retail-4.2-150300.4.12.2 patterns-suma_server-4.2-150300.4.12.2 python3-uyuni-common-libs-4.2.7-150300.3.9.2 susemanager-4.2.37-150300.3.41.1 susemanager-tools-4.2.37-150300.3.41.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
drools-7.17.0-150300.4.6.2 httpcomponents-asyncclient-4.1.4-150300.3.3.2 image-sync-formula-0.1.1661440526.b08d95b-150300.3.3.2 py27-compat-salt-3000.3-150300.7.7.23.2 python3-spacewalk-certs-tools-4.2.18-150300.3.24.3 python3-spacewalk-client-tools-4.2.20-150300.4.24.3 salt-netapi-client-0.20.0-150300.3.9.4 saltboot-formula-0.1.1661440526.b08d95b-150300.3.12.2 spacecmd-4.2.19-150300.4.27.2 spacewalk-admin-4.2.12-150300.3.15.3 spacewalk-backend-4.2.24-150300.4.29.5 spacewalk-backend-app-4.2.24-150300.4.29.5 spacewalk-backend-applet-4.2.24-150300.4.29.5 spacewalk-backend-config-files-4.2.24-150300.4.29.5 spacewalk-backend-config-files-common-4.2.24-150300.4.29.5 spacewalk-backend-config-files-tool-4.2.24-150300.4.29.5 spacewalk-backend-iss-4.2.24-150300.4.29.5 spacewalk-backend-iss-export-4.2.24-150300.4.29.5 spacewalk-backend-package-push-server-4.2.24-150300.4.29.5 spacewalk-backend-server-4.2.24-150300.4.29.5 spacewalk-backend-sql-4.2.24-150300.4.29.5 spacewalk-backend-sql-postgresql-4.2.24-150300.4.29.5 spacewalk-backend-tools-4.2.24-150300.4.29.5 spacewalk-backend-xml-export-libs-4.2.24-150300.4.29.5 spacewalk-backend-xmlrpc-4.2.24-150300.4.29.5 spacewalk-base-4.2.29-150300.3.27.3 spacewalk-base-minimal-4.2.29-150300.3.27.3 spacewalk-base-minimal-config-4.2.29-150300.3.27.3 spacewalk-certs-tools-4.2.18-150300.3.24.3 spacewalk-client-tools-4.2.20-150300.4.24.3 spacewalk-html-4.2.29-150300.3.27.3 spacewalk-java-4.2.41-150300.3.43.5 spacewalk-java-config-4.2.41-150300.3.43.5 spacewalk-java-lib-4.2.41-150300.3.43.5 spacewalk-java-postgresql-4.2.41-150300.3.43.5 spacewalk-search-4.2.8-150300.3.12.2 spacewalk-taskomatic-4.2.41-150300.3.43.5 subscription-matcher-0.29-150300.6.12.2 susemanager-doc-indexes-4.2-150300.12.33.4 susemanager-docs_en-4.2-150300.12.33.2 susemanager-docs_en-pdf-4.2-150300.12.33.2 susemanager-schema-4.2.24-150300.3.27.3 susemanager-sls-4.2.27-150300.3.33.4 uyuni-config-modules-4.2.27-150300.3.33.4
References:
https://www.suse.com/security/cve/CVE-2021-41411.html https://www.suse.com/security/cve/CVE-2021-42740.html https://www.suse.com/security/cve/CVE-2021-43138.html https://www.suse.com/security/cve/CVE-2022-31129.html https://bugzilla.suse.com/1172705 https://bugzilla.suse.com/1187028 https://bugzilla.suse.com/1195455 https://bugzilla.suse.com/1195895 https://bugzilla.suse.com/1196729 https://bugzilla.suse.com/1198168 https://bugzilla.suse.com/1198489 https://bugzilla.suse.com/1198738 https://bugzilla.suse.com/1198903 https://bugzilla.suse.com/1199372 https://bugzilla.suse.com/1199659 https://bugzilla.suse.com/1199913 https://bugzilla.suse.com/1199950 https://bugzilla.suse.com/1200276 https://bugzilla.suse.com/1200296 https://bugzilla.suse.com/1200480 https://bugzilla.suse.com/1200532 https://bugzilla.suse.com/1200573 https://bugzilla.suse.com/1200591 https://bugzilla.suse.com/1200629 https://bugzilla.suse.com/1201142 https://bugzilla.suse.com/1201189 https://bugzilla.suse.com/1201210 https://bugzilla.suse.com/1201220 https://bugzilla.suse.com/1201224 https://bugzilla.suse.com/1201527 https://bugzilla.suse.com/1201606 https://bugzilla.suse.com/1201607 https://bugzilla.suse.com/1201626 https://bugzilla.suse.com/1201753 https://bugzilla.suse.com/1201913 https://bugzilla.suse.com/1201918 https://bugzilla.suse.com/1202142 https://bugzilla.suse.com/1202272 https://bugzilla.suse.com/1202464 https://bugzilla.suse.com/1202728 https://bugzilla.suse.com/1203287 https://bugzilla.suse.com/1203288 https://bugzilla.suse.com/1203449
|
|
|
|