SUSE-SU-2021:14623-1: moderate: Security Beta update for SUSE Manager Client Tools
sle-updates at lists.suse.com
sle-updates at lists.suse.com
Fri Feb 12 23:18:18 UTC 2021
SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2021:14623-1
Rating: moderate
References: #1083110 #1157479 #1158441 #1159284 #1162504
#1163981 #1165425 #1167556 #1169604 #1171257
#1171461 #1172211 #1173909 #1173911 #1175549
#1176293 #1176823 #1178319 #1178361 #1178362
#1178485 #1179566 #1180584
Cross-References: CVE-2019-17361 CVE-2020-16846 CVE-2020-17490
CVE-2020-25592
CVSS scores:
CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA
______________________________________________________________________________
An update that solves four vulnerabilities and has 19 fixes
is now available.
Description:
This update fixes the following issues:
prometheus-exporter-exporter:
- Initial release (Closes: #968029).
salt:
- Remove deprecated warning that breaks minion execution when
"server_id_use_crc" opts is missing
- Revert wrong zypper patch to support vendorchanges flags on pkg.install
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Add pkg.services_need_restart
- Fix for file.check_perms to work with numeric uid/gid
- Virt: more network support Add more network and PCI/USB host devices
passthrough support to virt module and states
- Bigvm backports
- Virt consoles, CPU tuning and topology, and memory tuning.
- Fix pkg states when DEB package has "all" arch
- Do not force beacons configuration to be a list. Revert
https://github.com/saltstack/salt/pull/58655
- Drop wrong virt capabilities code after rebasing patches
- Update to Salt release version 3002.2
- See release notes:
https://docs.saltstack.com/en/latest/topics/releases/3002.2.html
- Force zyppnotify to prefer Packages.db than Packages if it exists
- Allow vendor change option with zypper
- Add pkg.services_need_restart
- Bigvm backports: virt consoles, CPU tuning and topology, and memory
tuning.
- Fix for file.check_perms to work with numeric uid/gid
- Change 'Requires(pre)' to 'Requires' for salt-minion package
(bsc#1083110)
- Set passphrase for salt-ssh keys to empty string (bsc#1178485)
- Properly validate eauth credentials and tokens on SSH calls made by Salt
API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592)
(CVE-2020-17490) (CVE-2020-16846)
- Fix novendorchange handling in zypperpkg module
- Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
- Adding missing virt backports to 3000.3
- Do not raise StreamClosedError traceback but only log it (bsc#1175549)
- Update to Salt release version 3000.3 See release notes:
https://docs.saltstack.com/en/latest/topics/releases/3000.3.html
- Take care of failed, skipped and unreachable tasks and propagate
"retcode" (bsc#1173911) (bsc#1173909)
- Msgpack: support versions >= 1.0.0 (bsc#1171257)
- Fix the registration of libvirt pool and nodedev events
- Accept nested namespaces in spacewalk.api runner function. (bsc#1172211)
- Info_installed works without status attr now (bsc#1171461)
- Prevent sporious "salt-api" stuck processes when managing SSH minions
because of logging deadlock (bsc#1159284)
- Avoid segfault from "salt-api" under certain conditions of heavy load
managing SSH minions (bsc#1169604)
- Update to Salt version 3000 See release notes:
https://docs.saltstack.com/en/latest/topics/releases/3000.html loop: fix
variable names for until_no_eval
- Enable building and installation for Fedora
- Disable python2 build on Tumbleweed We are removing the python2
interpreter from openSUSE (SLE16). As such disable salt building for
python2 there.
- Sanitize grains loaded from roster_grains.json cache during "state.pkg"
- Build: Buildequire pkgconfig(systemd) instead of systemd
pkgconfig(systemd) is provided by systemd, so this is de-facto no
change. But inside the Open Build Service (OBS), the same symbol is also
provided by systemd-mini, which exists to shorten build-chains by only
enabling what other packages need to successfully build
- Backport saltutil state module to 2019.2 codebase (bsc#1167556)
- Add new custom SUSE capability for saltutil state module
- Virt._get_domain: don't raise an exception if there is no VM
- Adds test for zypper abbreviation fix
- Improved storage pool or network handling
- Better import cache handline
- Requiring python3-distro only for openSUSE/SLE >= 15
- Use full option name instead of undocumented abbreviation for zypper
- Python-distro is only needed for > Python 3.7. Removing it for Python 2
- RHEL/CentOS 8 uses platform-python instead of python3
- Enable build for Python 3.8
- Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
(bsc#1162504) See release notes:
https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
- Enable passing grains to start event based on 'start_event_grains'
configuration parameter
- Support for Btrfs and XFS in parted and mkfs added Adds
virt.(pool|network)_get_xml functions Various libvirt updates
- Let salt-ssh use platform-python on RHEL8 (bsc#1158441)
- Fix StreamClosedError issue (bsc#1157479)
- Requires vs BuildRequires
- Limiting M2Crypto to >= SLE15
- Replacing pycrypto with M2Crypto (bsc#1165425)
- Update to 2019.2.2 release zypperpkg: understand product type
- Enable usage of downloadonly parameter for apt module
- Add new "salt-standalone-formulas-configuration" package
spacecmd:
- Fix spacecmd with no parameters produces traceback
on SLE 11 SP4 (bsc#1176823)
- Fixed "non-advanced" package search when using multiple package names
(bsc#1180584)
- Added '-r REVISION' option to the 'configchannel_updateinitsls' command
(bsc#1179566)
- Fix: internal: workaround for future tee of logs translation
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA:
zypper in -t patch suse-ubu204ct-client-tools-beta-202101-14623=1
Package List:
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (amd64):
prometheus-exporter-exporter-0.4.0-1
- SUSE Manager Ubuntu 20.04-CLIENT-TOOLS-BETA (all):
salt-common-3002.2+ds-1+2.11.1
salt-minion-3002.2+ds-1+2.11.1
spacecmd-4.2.4-2.9.1
References:
https://www.suse.com/security/cve/CVE-2019-17361.html
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1083110
https://bugzilla.suse.com/1157479
https://bugzilla.suse.com/1158441
https://bugzilla.suse.com/1159284
https://bugzilla.suse.com/1162504
https://bugzilla.suse.com/1163981
https://bugzilla.suse.com/1165425
https://bugzilla.suse.com/1167556
https://bugzilla.suse.com/1169604
https://bugzilla.suse.com/1171257
https://bugzilla.suse.com/1171461
https://bugzilla.suse.com/1172211
https://bugzilla.suse.com/1173909
https://bugzilla.suse.com/1173911
https://bugzilla.suse.com/1175549
https://bugzilla.suse.com/1176293
https://bugzilla.suse.com/1176823
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362
https://bugzilla.suse.com/1178485
https://bugzilla.suse.com/1179566
https://bugzilla.suse.com/1180584
More information about the sle-updates
mailing list