SUSE-SU-2022:0310-1: moderate: Security Beta update for SUSE Manager Client Tools
sle-security-updates at lists.suse.com
Wed Feb 2 14:41:32 UTC 2022
SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:0310-1
Rating: moderate
References: #1173103 #1191285 #1191454 #1192487 #1193600
#1193688
Cross-References: CVE-2021-39226 CVE-2021-43813
CVSS scores:
CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Manager Tools 12-BETA
______________________________________________________________________________
An update that solves two vulnerabilities and has four
fixes is now available.
Description:
This update fixes the following issues:
grafana:
- Update to version 7.5.12:
* Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813)
- Recreate tarballs using the makefile to update the npm and go modules
required
- Update to version 7.5.11:
* Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226)
* Fix certs issue (#40002)
* Release v7.5.11 (#124)
* Fix static path matching issue in macaron
* OAuth: add docs for disableAutoLogin param (#38752) (#38894)
* Fix #747; remove 'other variables'. (#37866) (#37878)
* Update alert docs (#33658) (#33659)
* [7.5.x] Docs: added documentation for the "prepare time
series"-transformation. (#36836)
* cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813)
* "Release: Updated versions in package to 7.5.10" (#36792)
* [v7.5.x] Transformations: add 'prepare time series' transformer
(#36749)
* Remove verify-drone from windows (#36775)
* Update queries.md (#31941) (#36764)
* Updated content to specify method to use to get keyboard shortcuts;
(#36084) (#36087)
* ReleaseNotes: Updated changelog and release notes for 7.5.9 (#36057)
(#36077)
* "Release: Updated versions in package to 7.5.9" (#36056)
* Login: Fixes Unauthorized message showing when on login page or
snapshot page (#35311) (#35880)
* ReleaseNotes: Updated changelog and release notes for 7.5.8 (#35703)
(#35822)
* CI: Upgrade pipeline tool to use main (#35804)
* CI: try to force v7.5.x instead of master (#35799)
* CI: supports move from master to main in 7.5.x release branch (#35747)
* "Release: Updated versions in package to 7.5.8" (#35701)
* Chore: Bump acorn and lodash-es (#35650)
* Snapshots: Remove dashboard links from snapshots (#35567) (#35585)
* [v7.5.x] Datasource: Allow configuring `MaxConnsPerHost` (#35519)
* Remove docs sync from v7.5.x (#35443)
* "Release: Updated versions in package to 7.5.7" (#35412)
* Add max_idle_connections_per_host to config (#35365)
* Update go.sum to fix failing enterprise pipeline (#35353)
* [v7.5.x] HTTP Client: Introduce `go-conntrack` (#35321)
* Fix Markdown syntax in enterprise/license/_index.md (#34683) (#35210)
* Update annotations.md (#33218) (#35138)
* Docs: Add query caching to enterprise docs page (#34751) (#35025)
* [7.5.x] Admin: hide per role counts for licensed users (#34994)
* cleanup shortcodes, image paths (#34827)
* Security: Upgrade Thrift dependency (#34698) (#34702)
* Docs: Fix Quick Start link on Geting Started Influx page (#34549)
(#34603)
* Add link to release notes v7.5.7 (#34460) (#34474)
* Update 7.5.x landing page (#34447)
* ReleaseNotes: Updated changelog and release notes for 7.5.7 (#34383)
(#34428)
- Update to 7.5.10
* [v7.5.x] Transformations: add "prepare time series" transformer.
[#36749]
- Update to 7.5.9
* Login: Fix Unauthorized message that is displayed on sign-in or
snapshot page. [#35880]
kiwi-desc-saltboot:
- Update to version 0.1.1639488226.7c9eab9
* Enable one-time autosign grains for SLE12 and SLE11 clients
mgr-cfg:
- Version 4.3.3-1
* Fix python selinux package name depending on build target (bsc#1193600)
* Do not build python 2 package for SLE15SP4 and higher
mgr-custom-info:
- Version 4.3.3-1
* require python macros for building
mgr-osad:
- Version 4.3.3-1
* require python macros for building
* Do not build python 2 package for SLE15SP4 and higher
mgr-push:
- Version 4.3.2-1
* Do not build python 2 package for SLE15SP4 and higher
mgr-virtualization:
- Version 4.3.2-1
* require python macros for building
* Do not build python 2 package for SLE15SP4 and higher
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.2-1
* do not build python 2 package for SLE15
salt:
- Fix tmpfiles.d configuration for salt to not use legacy paths
(bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)
spacecmd:
- Version 4.3.5-1
* require python macros for building
spacewalk-client-tools:
- Version 4.3.5-1
* require python macros for building
* do not build python 2 package for SLE15
spacewalk-koan:
- Version 4.3.2-1
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-oscap:
- Version 4.3.2-1
* require python macros for building
* Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.2-1
* require python macros for building
suseRegisterInfo:
- Version 4.3.2-1
* require python macros for building
* Do not build python 2 package for SLE15 and higher
uyuni-common-libs:
- Version 4.3.2-1
* Read modularity data from DISTTAG tag as fallback (bsc#1192487)
* Add decompression of zck files to fileutils
* require python macros for building
zypp-plugin-spacewalk:
- 1.0.11
* require python macros for building
Patch Instructions:
To install this SUSE Security Update, use the SUSE recommended installation methods
such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12-BETA:
zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-310=1
Package List:
- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
grafana-7.5.12-4.18.1
python2-salt-3000-49.41.3
python2-uyuni-common-libs-4.3.2-3.24.1
python3-salt-3000-49.41.3
salt-3000-49.41.3
salt-doc-3000-49.41.3
salt-minion-3000-49.41.3
- SUSE Manager Tools 12-BETA (noarch):
kiwi-desc-saltboot-0.1.1639488226.7c9eab9-4.12.1
mgr-cfg-4.3.3-4.18.2
mgr-cfg-actions-4.3.3-4.18.2
mgr-cfg-client-4.3.3-4.18.2
mgr-cfg-management-4.3.3-4.18.2
mgr-custom-info-4.3.3-4.12.1
mgr-osad-4.3.3-4.21.2
mgr-push-4.3.2-4.12.2
mgr-virtualization-host-4.3.2-4.12.2
python2-hwdata-2.3.5-15.9.1
python2-mgr-cfg-4.3.3-4.18.2
python2-mgr-cfg-actions-4.3.3-4.18.2
python2-mgr-cfg-client-4.3.3-4.18.2
python2-mgr-cfg-management-4.3.3-4.18.2
python2-mgr-osa-common-4.3.3-4.21.2
python2-mgr-osad-4.3.3-4.21.2
python2-mgr-push-4.3.2-4.12.2
python2-mgr-virtualization-common-4.3.2-4.12.2
python2-mgr-virtualization-host-4.3.2-4.12.2
python2-rhnlib-4.3.2-24.21.1
python2-spacewalk-check-4.3.5-55.36.2
python2-spacewalk-client-setup-4.3.5-55.36.2
python2-spacewalk-client-tools-4.3.5-55.36.2
python2-spacewalk-koan-4.3.2-27.12.1
python2-spacewalk-oscap-4.3.2-22.12.1
python2-suseRegisterInfo-4.3.2-28.18.1
python2-zypp-plugin-spacewalk-1.0.11-33.18.1
spacecmd-4.3.5-41.30.1
spacewalk-check-4.3.5-55.36.2
spacewalk-client-setup-4.3.5-55.36.2
spacewalk-client-tools-4.3.5-55.36.2
spacewalk-koan-4.3.2-27.12.1
spacewalk-oscap-4.3.2-22.12.1
spacewalk-remote-utils-4.3.2-27.12.2
suseRegisterInfo-4.3.2-28.18.1
zypp-plugin-spacewalk-1.0.11-33.18.1
References:
https://www.suse.com/security/cve/CVE-2021-39226.html
https://www.suse.com/security/cve/CVE-2021-43813.html
https://bugzilla.suse.com/1173103
https://bugzilla.suse.com/1191285
https://bugzilla.suse.com/1191454
https://bugzilla.suse.com/1192487
https://bugzilla.suse.com/1193600
https://bugzilla.suse.com/1193688