SUSE-SU-2021:14753-1: important: Security update for SUSE Manager Client Tools
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Mon Jun 21 22:50:05 UTC 2021
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:14753-1
Rating: important
References: #1173557 #1177884 #1177928 #1180583 #1180584
#1180585 #1185178 #1185281
Cross-References: CVE-2021-31607
CVSS scores:
CVE-2021-31607 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2021-31607 (SUSE): 7 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________
An update that solves one vulnerability and has 7 fixes is
now available.
Description:
This update fixes the following issues:
golang-github-wrouesnel-postgres_exporter:
- Add support for aarch64
mgr-cfg:
- SPEC: Updated Python definitions for RHEL8 and quoted text comparisons.
mgr-custom-info:
- Update package version to 4.2.0
mgr-daemon:
- Update translation strings
- Update the translations from weblate
- Added quotes around %{_vendor} token for the if statements in spec file.
- Fix removal of mgr-deamon with selinux enabled (bsc#1177928)
- Updating translations from weblate
mgr-osad:
- Change the log file permissions as expected by logrotate (bsc#1177884)
- Change deprecated path /var/run into /run for systemd (bsc#1185178)
- Python fixes
- Removal of RHEL5
mgr-push:
- Defined __python for python2.
- Excluded RHEL8 for Python 2 build.
mgr-virtualization:
- Update package version to 4.2.0
rhnlib:
- Update package version to 4.2.0
salt:
- Prevent command injection in the snapper module (bsc#1185281)
(CVE-2021-31607)
spacecmd:
- Rename system migration to system transfer
- Rename SP to product migration
- Update translation strings
- Add group_addconfigchannel and group_removeconfigchannel
- Add group_listconfigchannels and configchannel_listgroups
- Fix spacecmd compat with Python 3
- Deprecated "Software Crashes" feature
- Document advanced package search on '--help' (bsc#1180583)
- Fixed advanced search on 'package_listinstalledsystems'
- Fixed duplicate results when using multiple search criteria (bsc#1180585)
- Fixed "non-advanced" package search when using multiple package names
(bsc#1180584)
- Update translations
- Fix: make spacecmd build on Debian
- Add Service Pack migration operations (bsc#1173557)
spacewalk-client-tools:
- Update the translations from weblate
- Drop the --noSSLServerURL option
- Updated RHEL Python requirements.
- Added quotes around %{_vendor}.
spacewalk-koan:
- Fix for spacewalk-koan test
spacewalk-oscap:
- Update package version to 4.2.0
spacewalk-remote-utils:
- Update package version to 4.2.0
supportutils-plugin-susemanager-client:
- Update package version to 4.2.0
suseRegisterInfo:
- Add support for Amazon Linux 2
- Add support for Alibaba Cloud Linux 2
- Adapted for RHEL build.
uyuni-base:
- Added Apache as prerequisite for RHEL and Fedora (due to required users).
- Removed RHEL specific folder rights from SPEC file.
- Added RHEL8 compatibility.
uyuni-common-libs:
- Cleaning up unused Python 2 build leftovers.
- Disabled debug package build.
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
zypper in -t patch slesctsp4-client-tools-202105-14753=1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
zypper in -t patch slesctsp3-client-tools-202105-14753=1
Package List:
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
mgr-cfg-4.2.2-5.15.2
mgr-cfg-actions-4.2.2-5.15.2
mgr-cfg-client-4.2.2-5.15.2
mgr-cfg-management-4.2.2-5.15.2
mgr-custom-info-4.2.1-5.9.2
mgr-daemon-4.2.7-5.26.1
mgr-osad-4.2.5-5.27.2
mgr-push-4.2.2-5.9.2
mgr-virtualization-host-4.2.1-5.17.3
python2-mgr-cfg-4.2.2-5.15.2
python2-mgr-cfg-actions-4.2.2-5.15.2
python2-mgr-cfg-client-4.2.2-5.15.2
python2-mgr-cfg-management-4.2.2-5.15.2
python2-mgr-osa-common-4.2.5-5.27.2
python2-mgr-osad-4.2.5-5.27.2
python2-mgr-push-4.2.2-5.9.2
python2-mgr-virtualization-common-4.2.1-5.17.3
python2-mgr-virtualization-host-4.2.1-5.17.3
python2-rhnlib-4.2.3-12.31.1
python2-spacewalk-check-4.2.10-27.50.1
python2-spacewalk-client-setup-4.2.10-27.50.1
python2-spacewalk-client-tools-4.2.10-27.50.1
python2-spacewalk-koan-4.2.3-9.21.1
python2-spacewalk-oscap-4.2.1-6.15.3
python2-suseRegisterInfo-4.2.3-6.15.1
python2-uyuni-common-libs-4.2.3-5.12.1
salt-2016.11.10-43.75.1
salt-doc-2016.11.10-43.75.1
salt-minion-2016.11.10-43.75.1
spacecmd-4.2.8-18.84.1
spacewalk-check-4.2.10-27.50.1
spacewalk-client-setup-4.2.10-27.50.1
spacewalk-client-tools-4.2.10-27.50.1
spacewalk-koan-4.2.3-9.21.1
spacewalk-oscap-4.2.1-6.15.3
suseRegisterInfo-4.2.3-6.15.1
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 x86_64):
golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1
- SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
spacewalk-remote-utils-4.2.1-6.18.2
supportutils-plugin-susemanager-client-4.2.2-9.21.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64):
mgr-cfg-4.2.2-5.15.2
mgr-cfg-actions-4.2.2-5.15.2
mgr-cfg-client-4.2.2-5.15.2
mgr-cfg-management-4.2.2-5.15.2
mgr-custom-info-4.2.1-5.9.2
mgr-daemon-4.2.7-5.26.1
mgr-osad-4.2.5-5.27.2
mgr-push-4.2.2-5.9.2
mgr-virtualization-host-4.2.1-5.17.3
python2-mgr-cfg-4.2.2-5.15.2
python2-mgr-cfg-actions-4.2.2-5.15.2
python2-mgr-cfg-client-4.2.2-5.15.2
python2-mgr-cfg-management-4.2.2-5.15.2
python2-mgr-osa-common-4.2.5-5.27.2
python2-mgr-osad-4.2.5-5.27.2
python2-mgr-push-4.2.2-5.9.2
python2-mgr-virtualization-common-4.2.1-5.17.3
python2-mgr-virtualization-host-4.2.1-5.17.3
python2-rhnlib-4.2.3-12.31.1
python2-spacewalk-check-4.2.10-27.50.1
python2-spacewalk-client-setup-4.2.10-27.50.1
python2-spacewalk-client-tools-4.2.10-27.50.1
python2-spacewalk-koan-4.2.3-9.21.1
python2-spacewalk-oscap-4.2.1-6.15.3
python2-suseRegisterInfo-4.2.3-6.15.1
python2-uyuni-common-libs-4.2.3-5.12.1
salt-2016.11.10-43.75.1
salt-doc-2016.11.10-43.75.1
salt-minion-2016.11.10-43.75.1
spacecmd-4.2.8-18.84.1
spacewalk-check-4.2.10-27.50.1
spacewalk-client-setup-4.2.10-27.50.1
spacewalk-client-tools-4.2.10-27.50.1
spacewalk-koan-4.2.3-9.21.1
spacewalk-oscap-4.2.1-6.15.3
suseRegisterInfo-4.2.3-6.15.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 x86_64):
golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1
- SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
spacewalk-remote-utils-4.2.1-6.18.2
supportutils-plugin-susemanager-client-4.2.2-9.21.1
References:
https://www.suse.com/security/cve/CVE-2021-31607.html
https://bugzilla.suse.com/1173557
https://bugzilla.suse.com/1177884
https://bugzilla.suse.com/1177928
https://bugzilla.suse.com/1180583
https://bugzilla.suse.com/1180584
https://bugzilla.suse.com/1180585
https://bugzilla.suse.com/1185178
https://bugzilla.suse.com/1185281
More information about the sle-security-updates
mailing list