SUSE-SU-2021:3621-1: moderate: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
Fri Nov 5 20:17:10 UTC 2021
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:3621-1
Rating: moderate
References: #1185951 #1187998 #1188315 #1189609 #1189643
#1189818 #1190151 #1190166 #1190265 #1190276
#1190512 #1190665 #1190751 #1191144 #1191222
#1191274 #1191444 #1191495 #1191538 #1191643
#1191898
Cross-References: CVE-2021-21996
CVSS scores:
CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves one vulnerability and has 20 fixes is
now available.
Description:
This update fixes the following issues:
grafana-formula:
- Version 0.4.2
* Add SSH blackbox status check panel to clients dashboard
* Migrate deprecated panels in clients dashboard
prometheus-formula:
- Version 0.3.4
* Fix opening Prometheus ports on proxy
- Version 0.3.3
* Add Prometheus targets configuration for minions SSH probing
* Add blackbox exporter
* Open Prometheus ports (bsc#1191144)
py26-compat-salt:
- Exclude the full path of a download URL to prevent injection of malicious
code (bsc#1190265, CVE-2021-21996)
py26-compat-tornado:
- No relevant changes for users
py27-compat-salt:
- Fix the regression of docker_container state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of
malicious code (bsc#1190265, CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing
subdirectories
spacecmd:
- Version 4.1.15-1
* configchannel_updatefile handles directory properly (bsc#1190512)
spacewalk-backend:
- Version 4.1.29-1
* Avoid GPG error messages in reposync caused by rpm not understanding
signatures (bsc#1191538)
* Handle download of metadata filenames with checksums (bsc#1188315)
* Sanitize cached filename for custom SSL certs used by reposync
(bsc#1190751)
spacewalk-certs-tools:
- Version 4.1.19-1
* add GPG keys using apt-key on debian machines (bsc#1187998)
* set key format to PEM when generating key for traditional clients push
ssh (bsc#1189643)
spacewalk-java:
- Version 4.1.41-1
* Move picked-up actions to history as soon as they are picked up
(bsc#1191444)
* On salt-ssh minions, enforce package list refresh after state apply
* Fix internal server error on DuplicateSystemsCompare (bsc#1191643)
* mgr-sync refresh logs when a vendor channel is expired and shows how to
remove it (bsc#1191222)
* Remove NullPointerException in rhn_web_ui.log when building an image
(bsc#1185951)
* Add checksums to repository metadata filenames (bsc#1188315)
* Fix ISE in product migration if base product is missing (bsc#1190151)
* use TLSv1.3 if it is a supported Protocol
* Adapt auto errata update to respect maintenance windows
* Adapt auto errata update to skip during CLM build (bsc#1189609)
* Update kernel live patch version on minion startup (bsc#1190276)
spacewalk-reports:
- Version 4.1.4-1
* Improve performance of inventory report (bsc#1191495)
spacewalk-web:
- Version 4.1.30-1
* Update Web UI version to 4.1.12
subscription-matcher:
- Version 0.27
* update subscription rules for new SKUs (bsc#1189818)
susemanager:
- Version 4.1.31-1
* Add the gnupg package for ubuntu which is then needed by apt-key
(bsc#1187998)
* Add python-mako, python-gnupg and gnupg1 to the Debian 9 bootstrap
repository so bootstrapping without any enabled repositories is
possible (bsc#1191898)
susemanager-doc-indexes:
- Add SLS state for keeping clients updated in Client Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in the
Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter of
the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step to
refresh repositories reliably
- Update effective_cache_size section of the Salt Guide (bsc#1191274)
- Documented new filter in the content lifecycle management chapter of the
Administration Guide
- Added aarch64 support for clients in the Installation Guide and Client
Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and Amazon
Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
susemanager-docs_en:
- Add SLS state for keeping clients updated in Client Configuration Guide
- Fixed unpublished patches note in the server update chapter of the
Upgrade Guide
- Added DNS resolution for minions to the troubleshooting section in the
Client Configuration Guide
- Documented low disc space warnings in the managing disk space chapter of
the Administration Guide
- In the ports section of the Installation Guide, mention tftpsync
explicitly for port 443 (bsc#1190665)
- In server upgrade procedure of the Upgrade Guide, add zypper ref step to
refresh repositories reliably
- Update effective_cache_size section of the Salt Guide (bsc#1191274)
- Documented new filter in the content lifecycle management chapter of the
Administration Guide
- Added aarch64 support for clients in the Installation Guide and Client
Configuration Guide
- Documented AWS Permissions for Virtual Host Manager in VHM and Amazon
Web Services chapter of the Client Configuration Guide
- Removed an outdated patches note in the server update chapter of the
- Fixed mgr-cfg-* issues in appendix of the Reference Guide. Run the
commands on the client (bsc#1190166)
- Removed Portus and CaaSP references from the image management chapter
susemanager-sls:
- Version 4.1.31-1
* Fix mgrcompat state module to work with Salt 3003 and 3004
* Update kernel live patch version on minion startup (bsc#1190276)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3621=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
py26-compat-tornado-4.2.1-3.3.2
py26-compat-tornado-debuginfo-4.2.1-3.3.2
py26-compat-tornado-debugsource-4.2.1-3.3.2
susemanager-4.1.31-3.39.2
susemanager-tools-4.1.31-3.39.2
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
grafana-formula-0.4.2-3.12.2
prometheus-formula-0.3.4-3.12.2
py26-compat-salt-2016.11.10-17.2
py27-compat-salt-3000.3-6.15.2
python3-spacewalk-certs-tools-4.1.19-3.22.2
spacecmd-4.1.15-4.30.2
spacewalk-backend-4.1.29-4.44.2
spacewalk-backend-app-4.1.29-4.44.2
spacewalk-backend-applet-4.1.29-4.44.2
spacewalk-backend-config-files-4.1.29-4.44.2
spacewalk-backend-config-files-common-4.1.29-4.44.2
spacewalk-backend-config-files-tool-4.1.29-4.44.2
spacewalk-backend-iss-4.1.29-4.44.2
spacewalk-backend-iss-export-4.1.29-4.44.2
spacewalk-backend-package-push-server-4.1.29-4.44.2
spacewalk-backend-server-4.1.29-4.44.2
spacewalk-backend-sql-4.1.29-4.44.2
spacewalk-backend-sql-postgresql-4.1.29-4.44.2
spacewalk-backend-tools-4.1.29-4.44.2
spacewalk-backend-xml-export-libs-4.1.29-4.44.2
spacewalk-backend-xmlrpc-4.1.29-4.44.2
spacewalk-base-4.1.30-3.36.1
spacewalk-base-minimal-4.1.30-3.36.1
spacewalk-base-minimal-config-4.1.30-3.36.1
spacewalk-certs-tools-4.1.19-3.22.2
spacewalk-html-4.1.30-3.36.1
spacewalk-java-4.1.41-3.58.2
spacewalk-java-config-4.1.41-3.58.2
spacewalk-java-lib-4.1.41-3.58.2
spacewalk-java-postgresql-4.1.41-3.58.2
spacewalk-reports-4.1.4-3.6.2
spacewalk-taskomatic-4.1.41-3.58.2
subscription-matcher-0.27-3.12.2
susemanager-doc-indexes-4.1-11.46.2
susemanager-docs_en-4.1-11.46.2
susemanager-docs_en-pdf-4.1-11.46.2
susemanager-sls-4.1.31-3.51.2
susemanager-web-libs-4.1.30-3.36.1
uyuni-config-modules-4.1.31-3.51.2
References:
https://www.suse.com/security/cve/CVE-2021-21996.html
https://bugzilla.suse.com/1185951
https://bugzilla.suse.com/1187998
https://bugzilla.suse.com/1188315
https://bugzilla.suse.com/1189609
https://bugzilla.suse.com/1189643
https://bugzilla.suse.com/1189818
https://bugzilla.suse.com/1190151
https://bugzilla.suse.com/1190166
https://bugzilla.suse.com/1190265
https://bugzilla.suse.com/1190276
https://bugzilla.suse.com/1190512
https://bugzilla.suse.com/1190665
https://bugzilla.suse.com/1190751
https://bugzilla.suse.com/1191144
https://bugzilla.suse.com/1191222
https://bugzilla.suse.com/1191274
https://bugzilla.suse.com/1191444
https://bugzilla.suse.com/1191495
https://bugzilla.suse.com/1191538
https://bugzilla.suse.com/1191643
https://bugzilla.suse.com/1191898