Ausführen beliebiger Kommandos in SUSE Manager Proxy 4.1
ID: | SUSE-SU-2021:0906-1 |
Distribution: | SUSE |
Plattformen: | SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 |
Datum: | Fr, 19. März 2021, 23:17 |
Referenzen: | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28477 |
Applikationen: | SUSE Manager Proxy 4.1 |
Originalnachricht |
|
SUSE Security Update: Security update for SUSE Manager Proxy 4.1 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:0906-1 Rating: moderate References: #1173893 #1177508 #1180558 #1181807 #1182006 #1182685 Cross-References: CVE-2020-28477 CVSS scores: CVE-2020-28477 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 ______________________________________________________________________________ An update that solves one vulnerability and has 5 fixes is now available. Description: This update fixes the following issues: mgr-osad: - Adapt to new SSL implementation of rhnlib (bsc#1181807) rhnlib: - Change SSL implementation to python ssl for better SAN and hostname matching support (bsc#1181807) spacewalk-backend: - Open repomd files as binary (bsc#1173893) - Fix requesting Release file in debian repos (bsc#1182006) - Reposync: Fixed Kickstart functionality. - Reposync: Fixed URLGrabber error handling. - Reposync: Fix modular data handling for cloned channels (bsc#1177508) spacewalk-client-tools: - Adapt to new SSL implementation of rhnlib (bsc#1181807) spacewalk-proxy: - Adapt to new SSL implementation of rhnlib (bsc#1181807) spacewalk-proxy-installer: - Adapt to new SSL implementation of rhnlib (bsc#1181807) spacewalk-web: - Replace CRLF in ssh priv key when bootstrapping (bsc#1182685) - Upgrade immer to fix CVE-2020-28477 - Default to preferred items per page in content lifecycle lists (bsc#1180558) - Fix sorting in content lifecycle projects and cluster tables (bsc#1180558) How to apply this update: 1. Log in as root user to the SUSE Manager proxy. 2. Stop the proxy service: spacewalk-proxy stop 3. Apply the patch using either zypper patch or YaST Online Update. 4. Start the Spacewalk service: spacewalk-proxy start Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2021-906=1 Package List: - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch): mgr-osad-4.1.5-2.9.4 python3-mgr-osa-common-4.1.5-2.9.4 python3-mgr-osad-4.1.5-2.9.4 python3-rhnlib-4.1.3-4.3.2 python3-spacewalk-check-4.1.9-4.12.4 python3-spacewalk-client-setup-4.1.9-4.12.4 python3-spacewalk-client-tools-4.1.9-4.12.4 spacewalk-backend-4.1.21-4.22.7 spacewalk-base-minimal-4.1.23-3.18.6 spacewalk-base-minimal-config-4.1.23-3.18.6 spacewalk-check-4.1.9-4.12.4 spacewalk-client-setup-4.1.9-4.12.4 spacewalk-client-tools-4.1.9-4.12.4 spacewalk-proxy-broker-4.1.4-3.9.4 spacewalk-proxy-common-4.1.4-3.9.4 spacewalk-proxy-installer-4.1.6-3.3.2 spacewalk-proxy-management-4.1.4-3.9.4 spacewalk-proxy-package-manager-4.1.4-3.9.4 spacewalk-proxy-redirect-4.1.4-3.9.4 spacewalk-proxy-salt-4.1.4-3.9.4 References: https://www.suse.com/security/cve/CVE-2020-28477.html https://bugzilla.suse.com/1173893 https://bugzilla.suse.com/1177508 https://bugzilla.suse.com/1180558 https://bugzilla.suse.com/1181807 https://bugzilla.suse.com/1182006 https://bugzilla.suse.com/1182685 |