SUSE-SU-2021:14623-1: moderate: Security Beta update for SUSE Manager Client Tools

sle-security-updates at sle-security-updates at
Fri Feb 12 23:18:20 UTC 2021

   SUSE Security Update: Security Beta update for SUSE Manager Client Tools

Announcement ID:    SUSE-SU-2021:14623-1
Rating:             moderate
References:         #1083110 #1157479 #1158441 #1159284 #1162504 
                    #1163981 #1165425 #1167556 #1169604 #1171257 
                    #1171461 #1172211 #1173909 #1173911 #1175549 
                    #1176293 #1176823 #1178319 #1178361 #1178362 
                    #1178485 #1179566 #1180584 
Cross-References:   CVE-2019-17361 CVE-2020-16846 CVE-2020-17490
CVSS scores:
                    CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA

   An update that solves four vulnerabilities and has 19 fixes
   is now available.


   This update fixes the following issues:


   - Initial release (Closes: #968029).


   - Remove deprecated warning that breaks minion execution when
     "server_id_use_crc" opts is missing
   - Revert wrong zypper patch to support vendorchanges flags on pkg.install
   - Force zyppnotify to prefer Packages.db than Packages if it exists
   - Allow vendor change option with zypper
   - Add pkg.services_need_restart
   - Fix for file.check_perms to work with numeric uid/gid
   - Virt: more network support Add more network and PCI/USB host devices
     passthrough support to virt module and states
   - Bigvm backports
   - Virt consoles, CPU tuning and topology, and memory tuning.
   - Fix pkg states when DEB package has "all" arch
   - Do not force beacons configuration to be a list. Revert
   - Drop wrong virt capabilities code after rebasing patches
   - Update to Salt release version 3002.2
   - See release notes:
   - Force zyppnotify to prefer Packages.db than Packages if it exists
   - Allow vendor change option with zypper
   - Add pkg.services_need_restart
   - Bigvm backports: virt consoles, CPU tuning and topology, and memory
   - Fix for file.check_perms to work with numeric uid/gid
   - Change 'Requires(pre)' to 'Requires' for salt-minion package
   - Set passphrase for salt-ssh keys to empty string (bsc#1178485)
   - Properly validate eauth credentials and tokens on SSH calls made by Salt
     API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592)
     (CVE-2020-17490) (CVE-2020-16846)
   - Fix novendorchange handling in zypperpkg module
   - Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
   - Adding missing virt backports to 3000.3
   - Do not raise StreamClosedError traceback but only log it (bsc#1175549)
   - Update to Salt release version 3000.3 See release notes:
   - Take care of failed, skipped and unreachable tasks and propagate
     "retcode" (bsc#1173911) (bsc#1173909)
   - Msgpack: support versions >= 1.0.0 (bsc#1171257)
   - Fix the registration of libvirt pool and nodedev events
   - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211)
   - Info_installed works without status attr now (bsc#1171461)
   - Prevent sporious "salt-api" stuck processes when managing SSH minions
     because of logging deadlock (bsc#1159284)
   - Avoid segfault from "salt-api" under certain conditions of heavy load
     managing SSH minions (bsc#1169604)
   - Update to Salt version 3000 See release notes: loop: fix
     variable names for until_no_eval
   - Enable building and installation for Fedora
   - Disable python2 build on Tumbleweed We are removing the python2
     interpreter from openSUSE (SLE16). As such disable salt building for
     python2 there.
   - Sanitize grains loaded from roster_grains.json cache during "state.pkg"
   - Build: Buildequire pkgconfig(systemd) instead of systemd
     pkgconfig(systemd) is provided by systemd, so this is de-facto no
     change. But inside the Open Build Service (OBS), the same symbol is also
     provided by systemd-mini, which exists to shorten build-chains by only
     enabling what other packages need to successfully build
   - Backport saltutil state module to 2019.2 codebase (bsc#1167556)
   - Add new custom SUSE capability for saltutil state module
   - Virt._get_domain: don't raise an exception if there is no VM
   - Adds test for zypper abbreviation fix
   - Improved storage pool or network handling
   - Better import cache handline
   - Requiring python3-distro only for openSUSE/SLE >= 15
   - Use full option name instead of undocumented abbreviation for zypper
   - Python-distro is only needed for > Python 3.7. Removing it for Python 2
   - RHEL/CentOS 8 uses platform-python instead of python3
   - Enable build for Python 3.8
   - Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
     (bsc#1162504) See release notes:
   - Enable passing grains to start event based on 'start_event_grains'
     configuration parameter
   - Support for Btrfs and XFS in parted and mkfs added Adds
     virt.(pool|network)_get_xml functions Various libvirt updates
   - Let salt-ssh use platform-python on RHEL8 (bsc#1158441)
   - Fix StreamClosedError issue (bsc#1157479)
   - Requires vs BuildRequires
   - Limiting M2Crypto to >= SLE15
   - Replacing pycrypto with M2Crypto (bsc#1165425)
   - Update to 2019.2.2 release zypperpkg: understand product type
   - Enable usage of downloadonly parameter for apt module
   - Add new "salt-standalone-formulas-configuration" package


   - Fix spacecmd with no parameters produces traceback
     on SLE 11 SP4 (bsc#1176823)
   - Fixed "non-advanced" package search when using multiple package names
   - Added '-r REVISION' option to the 'configchannel_updateinitsls' command
   - Fix: internal: workaround for future tee of logs translation

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA:

      zypper in -t patch suse-ubu204ct-client-tools-beta-202101-14623=1

Package List:

   - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64):


   - SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all):



More information about the sle-security-updates mailing list