Login
Newsletter
Werbung
Sicherheit: Ausführen beliebiger Kommandos in SUSE Manager Server 3.2
Aktuelle Meldungen Distributionen
Name: Ausführen beliebiger Kommandos in SUSE Manager Server 3.2
ID: SUSE-SU-2020:2292-1
Distribution: SUSE
Plattformen: SUSE Manager Server 3.2, SUSE Manager Proxy 3.2
Datum: Fr, 21. August 2020, 23:53
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11022
Applikationen: SUSE Manager Server 3.2

Originalnachricht

 

   SUSE Security Update: Security update for SUSE Manager Server 3.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2292-1
Rating:             moderate
References:         #1141663 #1150657 #1153578 #1155794 #1159184 
                    #1159202 #1162391 #1166284 #1167556 #1167871 
                    #1168227 #1169109 #1169865 #1170331 #1171169 
                    #1172462 #1172831 #1173073 #1173946 #1174167 
                    #1174700 #1174768 #1174965 
Cross-References:   CVE-2020-11022
Affected Products:
                    SUSE Manager Server 3.2
                    SUSE Manager Proxy 3.2
______________________________________________________________________________

   An update that solves one vulnerability and has 22 fixes is
   now available.

Description:


   This update fixes the following issues:

   bind-formula:

   - Remove wrong default for bind options preventing correct upload
     of bind options using XMLRPC (bsc#1150657)

   branch-network-formula:

   - Make branch formula to assign home directory to ftp and tftp users
     (bsc#1162391)

   py26-compat-salt:

   - Do not make py26-compat-salt to require python-tornado on SLE15 (all SPs)
   - Backport saltutil state module to 2016.11 codebase (bsc#1167556)
   - Add new custom SUSE capability for saltutil state module

   python-susemanager-retail:

   - Allow bind options to be stored to and edited by retail_yaml
     (bsc#1150657)

   release-notes-susemanager:

   - Update to 3.2.15
   - Bugs mentioned bsc#1150657, bsc#1162391, bsc#1167556, bsc#1174965,
     bsc#1170331, bsc#1159184, bsc#1168227, bsc#1172831, bsc#1173073,
     bsc#1167871, bsc#1169109, bsc#1159202, bsc#1168227, bsc#1153578,
     bsc#1141663, bsc#1174768, bsc#1173946, bsc#1174167, bsc#1169865,
     bsc#1155794

   spacewalk-backend:

   - Fix issues importing RPM packages with long RPM headers (bsc#1174965)
   - Do not make mgr-inter-sync to crash if there are non-ASCII characters on
     an exception message (bsc#1170331)
   - Validate cached package entries on ISS slave (bsc#1159184)

   spacewalk-client-tools:

   - Do not crash 'mgr-update-status' because 'long' type is
 not defined in
     Python 3

   spacewalk-java:

   - Skip upgrades when the target has not the same amount of products as the
     installed set (bsc#1168227)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)
   - Prevent deadlock on suseusernotification (bsc#1173073)
   - Avoid multiple base channels when onboarding minions (bsc#1167871)
   - Hide message about changed Update Tag change (bsc#1169109)
   - Refresh pillar after channel change
   - Use 'changes' field if 'pchanges' field doesn't exist
 (bsc#1159202)
   - Skip migration targets when they do not have the same amount of products
     as the installed set (bsc#1168227)

   spacewalk-utils:

   - Add FQDN resolver for spacewalk-manage-channel-lifecycle (bsc#1153578)
   - Fixes SSL hostname matching (bsc#1141663)

   spacewalk-web:

   - Fix saving of formulas (bsc#1174768)
   - Upgrade jQuery and adapt the code - CVE-2020-11022 (bsc#1172831)

   susemanager:

   - Use python2-uyuni-common-libs and python3-uyuni-common-libs for
     bootstrap repositories (bsc#1173946)
   - Add 'python-singledispatch' to SLE12 (all SPs) and RES7 bootstrap
 repos.
     (bsc#1174700)
   - Add SLE 15 LTSS Product ID to SLE15 bootstrap repositories, as it is
     required to get python3-M2crypto (bsc#1174167)
   - Require python3-tornado only for SLE15/SLE15SP1 (bsc#1169865)
   - Use python3-M2Crypto for all SLE15 versions and openSUSE Leap 15.1
     bootstrap repositories
   - Add dbus-1-glib to SLE12SP5 x86_64 to allow onboarding of AWS Cloud
     SLE12SP5 clients (they do not have it by defaul anymore)

   susemanager-frontend-libs:

   - Upgrade jquery to 3.5.1 - CVE-2020-11022 (bsc#1172831)

   susemanager-schema:

   - Prevent a deadlock error involving delete_server and update_needed_cache
     (bsc#1173073)

   susemanager-sls:

   - Avoid traceback error due lazy loading which_bin (bsc#1155794)
   - Using new module path for which_bin to get rid of DeprecationWarning

   How to apply this update: 1. Log in as root user to the SUSE Manager
   server. 2. Stop the Spacewalk service: spacewalk-service stop 3. Apply the
   patch using either zypper patch or YaST Online Update. 4. Upgrade the
   database schema: spacewalk-schema-upgrade 5. Start the Spacewalk service:
   spacewalk-service start


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
 methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Server 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Server-3.2-2020-2292=1

   - SUSE Manager Proxy 3.2:

      zypper in -t patch SUSE-SUSE-Manager-Proxy-3.2-2020-2292=1



Package List:

   - SUSE Manager Server 3.2 (ppc64le s390x x86_64):

      release-notes-susemanager-3.2.15-6.61.1
      susemanager-3.2.24-3.43.1
      susemanager-tools-3.2.24-3.43.1

   - SUSE Manager Server 3.2 (noarch):

      bind-formula-0.1.1584363976.36bce64-3.6.1
      branch-network-formula-0.1.1584363976.36bce64-3.9.1
      py26-compat-salt-2016.11.10-6.38.1
      python-susemanager-retail-1.0.1584363976.36bce64-2.12.1
      python2-spacewalk-client-tools-2.8.22.8-3.15.1
      spacewalk-backend-2.8.57.23-3.51.1
      spacewalk-backend-app-2.8.57.23-3.51.1
      spacewalk-backend-applet-2.8.57.23-3.51.1
      spacewalk-backend-config-files-2.8.57.23-3.51.1
      spacewalk-backend-config-files-common-2.8.57.23-3.51.1
      spacewalk-backend-config-files-tool-2.8.57.23-3.51.1
      spacewalk-backend-iss-2.8.57.23-3.51.1
      spacewalk-backend-iss-export-2.8.57.23-3.51.1
      spacewalk-backend-libs-2.8.57.23-3.51.1
      spacewalk-backend-package-push-server-2.8.57.23-3.51.1
      spacewalk-backend-server-2.8.57.23-3.51.1
      spacewalk-backend-sql-2.8.57.23-3.51.1
      spacewalk-backend-sql-oracle-2.8.57.23-3.51.1
      spacewalk-backend-sql-postgresql-2.8.57.23-3.51.1
      spacewalk-backend-tools-2.8.57.23-3.51.1
      spacewalk-backend-xml-export-libs-2.8.57.23-3.51.1
      spacewalk-backend-xmlrpc-2.8.57.23-3.51.1
      spacewalk-base-2.8.7.24-3.48.1
      spacewalk-base-minimal-2.8.7.24-3.48.1
      spacewalk-base-minimal-config-2.8.7.24-3.48.1
      spacewalk-client-tools-2.8.22.8-3.15.1
      spacewalk-html-2.8.7.24-3.48.1
      spacewalk-java-2.8.78.29-3.50.1
      spacewalk-java-config-2.8.78.29-3.50.1
      spacewalk-java-lib-2.8.78.29-3.50.1
      spacewalk-java-oracle-2.8.78.29-3.50.1
      spacewalk-java-postgresql-2.8.78.29-3.50.1
      spacewalk-taskomatic-2.8.78.29-3.50.1
      spacewalk-utils-2.8.18.7-3.15.1
      susemanager-frontend-libs-3.2.5-3.13.1
      susemanager-retail-tools-1.0.1584363976.36bce64-2.12.1
      susemanager-schema-3.2.24-3.40.1
      susemanager-sls-3.2.31-3.47.1
      susemanager-web-libs-2.8.7.24-3.48.1

   - SUSE Manager Proxy 3.2 (noarch):

      python2-spacewalk-check-2.8.22.8-3.15.1
      python2-spacewalk-client-setup-2.8.22.8-3.15.1
      python2-spacewalk-client-tools-2.8.22.8-3.15.1
      python2-zypp-plugin-spacewalk-1.0.7-3.13.1
      spacewalk-backend-2.8.57.23-3.51.1
      spacewalk-backend-libs-2.8.57.23-3.51.1
      spacewalk-base-minimal-2.8.7.24-3.48.1
      spacewalk-base-minimal-config-2.8.7.24-3.48.1
      spacewalk-check-2.8.22.8-3.15.1
      spacewalk-client-setup-2.8.22.8-3.15.1
      spacewalk-client-tools-2.8.22.8-3.15.1
      spacewalk-proxy-installer-2.8.6.8-3.18.1
      susemanager-web-libs-2.8.7.24-3.48.1
      zypp-plugin-spacewalk-1.0.7-3.13.1

   - SUSE Manager Proxy 3.2 (x86_64):

      release-notes-susemanager-proxy-3.2.15-0.16.47.1


References:

   https://www.suse.com/security/cve/CVE-2020-11022.html
   https://bugzilla.suse.com/1141663
   https://bugzilla.suse.com/1150657
   https://bugzilla.suse.com/1153578
   https://bugzilla.suse.com/1155794
   https://bugzilla.suse.com/1159184
   https://bugzilla.suse.com/1159202
   https://bugzilla.suse.com/1162391
   https://bugzilla.suse.com/1166284
   https://bugzilla.suse.com/1167556
   https://bugzilla.suse.com/1167871
   https://bugzilla.suse.com/1168227
   https://bugzilla.suse.com/1169109
   https://bugzilla.suse.com/1169865
   https://bugzilla.suse.com/1170331
   https://bugzilla.suse.com/1171169
   https://bugzilla.suse.com/1172462
   https://bugzilla.suse.com/1172831
   https://bugzilla.suse.com/1173073
   https://bugzilla.suse.com/1173946
   https://bugzilla.suse.com/1174167
   https://bugzilla.suse.com/1174700
   https://bugzilla.suse.com/1174768
   https://bugzilla.suse.com/1174965

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
http://lists.suse.com/mailman/listinfo/sle-security-updates
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung