SUSE-RU-2020:1407-1: moderate: Recommended update for amazon-ssm-agent

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon May 25 13:13:01 MDT 2020


   SUSE Recommended Update: Recommended update for amazon-ssm-agent
______________________________________________________________________________

Announcement ID:    SUSE-RU-2020:1407-1
Rating:             moderate
References:         #1085670 #1108265 #1170935 
Affected Products:
                    SUSE Linux Enterprise Module for Public Cloud 15-SP1
______________________________________________________________________________

   An update that has three recommended fixes can now be
   installed.

Description:

   This update for amazon-ssm-agent fixes the following issues:

   - Update to 2.3.978.0 (2020-04-08) (bsc#1170935)
     + Stop pty on receiving TerminateSession request
     + Add support for Debian arm64 architecture
     + Refactoring session log generation logic
   - Update to 2.3.930.0  (2020-03-17)
     + Bug fix for CloudWatch agent version showing twice in Inventory console
     + Bug fix for retrieving minor version for CentOS7
     + Add snap appData collection for inventory in ubuntu 18
     + Add validation for contents of os release files
     + Add retry for fingerprint generation
   - Update to 2.3.871.0 (2020-02-20)
     + Various bug fix for SSM Agent
   - Update to 2.3.842.0 (2020-01-29)
     + Bug fix for updating document state file prior agent reboot
     + Add support to restart agent after SIGPIPE exit status
   - Update to 2.3.814.0 (2020-01-16)
     + Bug fix for metadata service V2
     + Update Golang version 1.12 for travis
     + Optimize session manager retry logic
   - Update to 2.3.786.0 (2019-12-19)
     + Add support for Oracle Linux v7.5 and v7.7
     + Bug fix for Inventory data provider to support special characters
     + Bug fix for SSM MDS service name
   - Update to 2.3.772.0 (2019-12-13)
     + Upgrade AWS SDK
     + Add logging for fingerprint generation
   - Update to 2.3.760.0 (2019-11-15)
     + Session manager supports handling of Task metadata
   - Update to 2.3.758.0 (2019-11-11)
     + Add support to update SSM Distributor packages in place
   - Update to 2.3.756.0 (2019-11-05)
     + Terminate port forwarding session on receiving TerminateSession flag
     + Bug fix to reload SSM client if region has not been initialize
       correctly
     + Bug fix for retrieval of user groups on Linux
   - Update to 2.3.722.0 (2019-10-11)
     + Bug fix for the delay when registering non-EC2 on-prem instances
     + Bug fix for missing ACL when uploading logs to S3 buckets
     + Upgrade GoLang version from 1.9 to 1.12
   - Update to 2.3.714.0 (2019-09-26)
     + For port forwarding session, close server connection when client drops
       it's connection
     + Bug fix for missing condition of rules from inventory registry
     + Update service domain information fetch logic from EC2 Metadata
   - Update to 2.3.707.0 (2019-09-11)
     + Bug fix for characters dropping from session manager shell output
     + Bug fix for session manager freezing caused by non utf8 character
     + Switch the request protocol order for getting S3 Header
     + Keep port forwarding session open until session is terminated
   - Update to 2.3.701.0 (2019-08-21)
     + Send platform type information in controlChannel input
   - Update to 2.3.687.0 (2019-08-05)
     + Bug fix for runPowershellScript plugin on linux platform
     + Add support for document 2.x version to ssm-cli
   - Update to 2.3.680.0 (2019-07-24)
     + Added a new Inventory gatherer AWS:BillingInfo which will gather the
       billing product ids for LicenseIncluded and Marketplace instance
   - Update to 2.3.672.0 (2019-07-09)
     + Add Port plugin for SSH/SCP
     + Add support for Session Manager RunAs functionality on Linux platform
   - Update to 2.3.668.0 (2019-07-01)
     + Add Session Manager InteractiveCommands plugin
     + Bug fix for log formatting issue for session manager
   - Update to 2.3.662.0 (2019-06-19)
     + Bug fix for Session Manager when handling line endings on Windows
       platform
     + Bug fix for token validation for aws:downloadContent plugin
     + Check if log group exists before uploading Session Manager logs to
       CloudWatch
     + Bug fix for broken S3 urls when using custom documents
   - Update to 2.3.634.0 (2019-05-28)
     + Disable appconfig to load credential from specific profile path, add
       EC2 credentials as the default fallback
     + Remove sudoers file creation logic if ssm-user already exists
     + Enable supplementary groups for ssm-user on Linux
   - Update to 2.3.612.0 (2019-05-08)
     + Bug fix for UTF-8 encoded issue caused by locale activation on Ubuntu
       16.04 instance
     + Refactor ssm-user creation logic
     + Bug fix for reporting IP address with wrong network interface
     + Update configure package document arn pattern
   - Update to 2.3.542.0 (2019-04-18)
     + Bug fix for on-premises instance registration in CN region
   - Update to 2.3.539.0 (2019-04-04)
     + Add support for further encryption of session data using AWS KMS
     + Bug fix for excessive instance-id fetching by document workers
   - Update to 2.3.479.0 (2019-03-06)
     + Bug fix for downloading content failure caused by wrong S3 endpoint
     + Bug fix for reboot failure caused by session manager panic
     + Bug fix for session manager shell output dropping character
     + Bug fix for mgs endpoint configuration consistency
   - Update to 2.3.444.0 (2019-02-10)
     + Updates to UpdateInstanceInformation call, Windows initialization
   - Update to 2.3.415.0 (2019-01-25)
     + Bug fix addressing issues in Distributor package upgrade
   - Update to 2.3.372.0 (2019-01-08)
     + Bug fix to allow installation of Distributor packages that do not have
       a version name.
     + Bug fix for agent crash with message "WaitGroup is reused before
       previous Wait has returned".
   - Update to 2.3.344.0 (2018-12-14)
     + Add frequent collector to detect changed inventory types and upload it
       to SSM service between two scheduled collections.
     + Change AWS Systems Manager Distributor to reduce calls to GetDocument
       by calling DescribeDocument.
     + Add exit code when ssm-cli execution fails.
     + Create ssm-user only after the control channel has been successfully
       created.
   - Update to 2.3.274.0 (2018-11-26)
     + Enabled AWS Systems Manager Distributor that lets you securely
       distribute and install software packages.
     + Add support for the arm64 architecture on Amazon Linux 2, Ubuntu
       16.04/18.04, and RHEL 7.6 to support EC2 A1 instances.
   - Update to 2.3.235.0 (2018-10-23)
     + Bug fix for session manager logging on Windows
     + Bug fix for ConfigureCloudWatch plugin
     + Bug fix for update SSM agent occasionally failing due to SSM agent
       service stuck in starting state
   - Update to 2.3.193.0 (2018-10-23)
     + Bug fix for past sessions occasionally stuck in terminating state
     + Darwin masquerades as Linux to bypass OS validation on the backend
       until official support can be added
   - Update to 2.3.169.0 (2018-10-23)
     + Update managed instance role token more frequently
   - Update to 2.3.136.0 (2018-10-09)
     + Bug fix for issue that GatherInventory throw out error when there is
       no Windows Update in instance
     + Add more filters when getting the Windows event logs at startup to
       improve performance
     + Add random jitter before call PutInventory in inventory datauploader
   - Update to 2.3.117.0 (2018-10-02)
     + Bug fix for issues during process termination on instances where IAM
       policy does not grant ssmmessages permissions.
   - Update to 2.3.101.0 (2018-10-02)
     + Bug fix to prevent defunct processes when creating the local user
       ssm-user.
     + Bug fix for sudoersFile permission to avoid "sudo" command warnings in
       Session Manager.
     + Disable hibernation on Windows platform if Cloudwatch configuration is
       present.
   - Update to 2.3.68.0 (2018-09-17)
     + Enables the Session Manager capability that lets you manage your
       Amazon EC2 instance through an interactive one-click browser-based
       shell or through the AWS CLI.
     + Beginning this agent version, SSM Agent will create a local user
       "ssm-user" and either add it to /etc/sudoers (Linux) or to the
       Administrators group (Windows) every time the agent starts. The
       ssm-user is the default OS user when a Session Manager session is
       started, and the password for this user is reset on every session. You
       can change the permissions by moving the ssm-user to a less-privileged
       group or by changing the sudoers file. The ssm-user is not removed
       from the system when SSM Agent is uninstalled.
   - Add patch to remove unused import
     + remove-unused-import.patch
   - Build-Depend on pkgconfig(systemd) instead of systemd
     + Allows OBS to depend on the -mini flavors
   - Refresh patches for new version
     + fix-version.patch

   - Update to 2.3.50.0 2018-09-12 (bsc#1108265)
     + Enables the Session Manager capability that lets you manage your
       Amazon EC2 instance through an interactive one-click browser-based
       shell or through the AWS CLI.
     + Beginning this agent version, SSM Agent will create a local user
       "ssm-user" and either add it to /etc/sudoers (Linux) or to the
       Administrators group (Windows) every time the agent starts. The
       ssm-user is the default OS user when a Session Manager session is
       started, and the password for this user is reset on every session. You
       can change the permissions by moving the ssm-user to a less-privileged
       group or by changing the sudoers file. The ssm-user is not removed
       from the system when SSM Agent is uninstalled.
   - Update to 2.3.13.0 2018-08-16
     + Bug fix for the SSM Agent service remaining in "Starting" state on
       Windows when unable to authenticate to the Systems Manager service.
   - Update to 2.2.916.0 2018-08-02
     + NOTE: This build should not be installed for Windows since the SSM
       Agent service may remain in starting status if unable to authenticate
       to the Systems Manager service, which is fixed in the latest release.
     + Bug fix for missing cloudwatch.exe seen in SSM Agent version 2.2.902.0
   - Update to 2.2.902.0 2018-07-31
     + NOTE: This build should not be installed for Windows since you might
       see the error - "Encountered error while starting the plugin: Unable
       to locate cloudwatch.exe" for Cloudwatch plugin. This bug has been
       fixed in SSM Agent version 2.2.916.0. Also SSM Agent service may
       remain in starting status if unable to authenticate to the Systems
       Manager service, which is fixed in the latest release.
     + Initial support for developer builds on macOS
     + Retry sending Run Command execution results for up to 2 hours
     + More detailed error messages are returned for inventory plugin
       failures during State Manager association executions
   - Update to 2.2.800.0 2018-06-26
     + Bug fix to clean the orchestration directory
     + Streaming AWS Systems Manager Run Command output to CloudWatch Logs
     + Reducing number of retries for serial port opening
     + Add retry logic to installation verification
   - Update to 2.2.619.0 2018-05-29
     + Various bug fixes
   - Update to 2.2.607.0 2018-05-23
     + Various bug fixes
   - Update to 2.2.546.0 2018-05-07
     + Bug fix to retry sending document results if they couldn't reach the
       service
   - Update to 2.2.493.0 2018-04-25
     + NOTE: Downgrade to this version using AWS-UpdateSSMAgent is not
       permitted for agent installed using snap
     + Added support for Ubuntu Snap packaging
     + Bug fix so that aws:downloadContent does not change permissions of
       directories
     + Bug fix to Cloudwatch plugin where StartType has duplicated Enabled
       value
   - Update to 2.2.392.0 2018-03-27
     + Added support for agent hibernation so that Agent backs
       off or enters hibernation mode if it does not have access to the
        service
     + Various bug fixes
   - Update to 2.2.355.0 2018-03-16
     + Fix S3Download to download from cross regions.
     + Various bug fixes
   - Refresh patches for new version
     + fix-config.patch
     + fix-version.patch

   - Update to 2.2.325.0 2018-03-07 (bsc#1085670)
     + Bug fix to change sourceHashType to be default sha256 on psmodule.
   - Update to 2.2.257.0 2018-02-23
     + Bug fix to address an issue that can prevent the agent from processing
       associations after a restart.
   - Update to 2.2.160.0 2018-01-15
     + Execute "pwsh" on linux when using runPowershellScript plugin.
   - Update to 2.2.93.0 2017-11-14
     + Update to latest AWS SDK.
   - Update to 2.2.58.0 2017-10-23
     + Switching to use Birdwatcher distribution service for AWS packages.


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1:

      zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-1407=1



Package List:

   - SUSE Linux Enterprise Module for Public Cloud 15-SP1 (aarch64 ppc64le s390x x86_64):

      amazon-ssm-agent-2.3.978.0-5.3.1


References:

   https://bugzilla.suse.com/1085670
   https://bugzilla.suse.com/1108265
   https://bugzilla.suse.com/1170935



More information about the sle-updates mailing list