SUSE-SU-2020:14404-1: moderate: Security Beta update for SUSE Manager Client Tools
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jun 23 10:13:58 MDT 2020
SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:14404-1
Rating: moderate
References: #1159284 #1165572 #1168340 #1169604 #1169800
#1170104 #1170288 #1170595 #1171687 #1171906
#1172075 #1173072
Cross-References: CVE-2020-11651 CVE-2020-11652
Affected Products:
SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
______________________________________________________________________________
An update that solves two vulnerabilities and has 10 fixes
is now available.
Description:
This update fixes the following issues:
salt:
- Require python3-distro only for TW (bsc#1173072)
- Various virt backports from 3000.2
- Avoid traceback on debug logging for swarm module (bsc#1172075)
- Add publish_batch to ClearFuncs exposed methods
- Zypperpkg: filter patterns that start with dot (bsc#1171906)
- Batch mode now also correctly provides return value (bsc#1168340)
- Add docker.logout to docker execution module (bsc#1165572)
- Testsuite fix
- Add option to enable/disable force refresh for zypper
- Python3.8 compatibility changes
- Prevent sporious "salt-api" stuck processes when managing SSH minions
because of logging deadlock (bsc#1159284)
- Avoid segfault from "salt-api" under certain conditions of heavy load
managing SSH minions (bsc#1169604)
- Revert broken changes to slspath made on Salt 3000
(saltstack/salt#56341) (bsc#1170104)
- Returns a the list of IPs filtered by the optional network list
- Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
- Do not require vendored backports-abc (bsc#1170288)
- Fix partition.mkpart to work without fstype (bsc#1169800)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can check for
failure (bsc#1171687)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA:
zypper in -t patch suse-ubu164ct-client-tools-beta-202006-14404=1
Package List:
- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all):
salt-common-3000+ds-1+9.17.1
salt-minion-3000+ds-1+9.17.1
spacecmd-4.1.4-2.9.4
References:
https://www.suse.com/security/cve/CVE-2020-11651.html
https://www.suse.com/security/cve/CVE-2020-11652.html
https://bugzilla.suse.com/1159284
https://bugzilla.suse.com/1165572
https://bugzilla.suse.com/1168340
https://bugzilla.suse.com/1169604
https://bugzilla.suse.com/1169800
https://bugzilla.suse.com/1170104
https://bugzilla.suse.com/1170288
https://bugzilla.suse.com/1170595
https://bugzilla.suse.com/1171687
https://bugzilla.suse.com/1171906
https://bugzilla.suse.com/1172075
https://bugzilla.suse.com/1173072
More information about the sle-security-updates
mailing list