SUSE-SU-2020:14538-1: critical: Security update for SUSE Manager Client Tools
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Fri Nov 6 13:16:41 MST 2020
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:14538-1
Rating: critical
References: #1167907 #1169664 #1176978 #1178319 #1178361
#1178362
Cross-References: CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________
An update that solves three vulnerabilities and has three
fixes is now available.
Description:
This update fixes the following issues:
cobbler:
- Fix parsing cobbler dictionary options with values containing "=", e.g.
kernel params containing "=" (bsc#1176978)
mgr-daemon:
- Update translation strings
salt:
- Properly validate eauth credentials and tokens on SSH calls made by Salt
API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592,
CVE-2020-17490, CVE-2020-16846)
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Added support for i18n of user-facing strings
- Python3 fix for sorted usage (bsc#1167907)
spacewalk-client-tools:
- Remove RH references in Python/Ruby localization and use the product
name instead
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
zypper in -t patch slesctsp4-client-tools-202010-14538=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
zypper in -t patch slesctsp3-client-tools-202010-14538=1
Package List:
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
koan-2.2.2-0.68.12.1
mgr-daemon-4.1.3-5.20.1
mgr-daemon-debuginfo-4.1.3-5.20.1
mgr-daemon-debugsource-4.1.3-5.20.1
python2-spacewalk-check-4.1.7-27.38.1
python2-spacewalk-client-setup-4.1.7-27.38.1
python2-spacewalk-client-tools-4.1.7-27.38.1
salt-2016.11.10-43.63.1
salt-doc-2016.11.10-43.63.1
salt-minion-2016.11.10-43.63.1
spacecmd-4.1.8-18.72.1
spacewalk-check-4.1.7-27.38.1
spacewalk-client-setup-4.1.7-27.38.1
spacewalk-client-tools-4.1.7-27.38.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
koan-2.2.2-0.68.12.1
mgr-daemon-4.1.3-5.20.1
mgr-daemon-debuginfo-4.1.3-5.20.1
mgr-daemon-debugsource-4.1.3-5.20.1
python2-spacewalk-check-4.1.7-27.38.1
python2-spacewalk-client-setup-4.1.7-27.38.1
python2-spacewalk-client-tools-4.1.7-27.38.1
salt-2016.11.10-43.63.1
salt-doc-2016.11.10-43.63.1
salt-minion-2016.11.10-43.63.1
spacecmd-4.1.8-18.72.1
spacewalk-check-4.1.7-27.38.1
spacewalk-client-setup-4.1.7-27.38.1
spacewalk-client-tools-4.1.7-27.38.1
References:
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1176978
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362
More information about the sle-security-updates
mailing list