SUSE-SU-2021:0480-1: moderate: Security Beta update for SUSE Manager Client Tools

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Feb 15 20:14:52 UTC 2021


   SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0480-1
Rating:             moderate
References:         #1083110 #1157479 #1158441 #1159284 #1162504 
                    #1163981 #1165425 #1167556 #1169604 #1171257 
                    #1171461 #1172211 #1173909 #1173911 #1175549 
                    #1176293 #1176823 #1178319 #1178361 #1178362 
                    #1178485 #1179566 #1180584 
Cross-References:   CVE-2019-17361 CVE-2020-16846 CVE-2020-17490
                    CVE-2020-25592
CVSS scores:
                    CVE-2019-17361 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2019-17361 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-16846 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-16846 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-17490 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-17490 (SUSE): 6.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2020-25592 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2020-25592 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Debian 10-CLIENT-TOOLS-BETA
______________________________________________________________________________

   An update that solves four vulnerabilities and has 19 fixes
   is now available.

Description:

   This update fixes the following issues:

   prometheus-exporter-exporter:

   - Initial release (Closes: #968029).

   salt:

   - Remove deprecated warning that breaks minion execution when
     "server_id_use_crc" opts is missing
   - Revert wrong zypper patch to support vendorchanges flags on pkg.install
   - Force zyppnotify to prefer Packages.db than Packages if it exists
   - Allow vendor change option with zypper
   - Add pkg.services_need_restart
   - Fix for file.check_perms to work with numeric uid/gid
   - Virt: more network support Add more network and PCI/USB host devices
     passthrough support to virt module and states
   - Bigvm backports
   - Virt consoles, CPU tuning and topology, and memory tuning.
   - Fix pkg states when DEB package has "all" arch
   - Do not force beacons configuration to be a list. Revert
     https://github.com/saltstack/salt/pull/58655
   - Drop wrong virt capabilities code after rebasing patches
   - Update to Salt release version 3002.2
   - See release notes:
     https://docs.saltstack.com/en/latest/topics/releases/3002.2.html
   - Force zyppnotify to prefer Packages.db than Packages if it exists
   - Allow vendor change option with zypper
   - Add pkg.services_need_restart
   - Bigvm backports: virt consoles, CPU tuning and topology, and memory
     tuning.
   - Fix for file.check_perms to work with numeric uid/gid
   - Change 'Requires(pre)' to 'Requires' for salt-minion package
     (bsc#1083110)
   - Set passphrase for salt-ssh keys to empty string (bsc#1178485)
   - Properly validate eauth credentials and tokens on SSH calls made by Salt
     API (bsc#1178319) (bsc#1178362) (bsc#1178361) (CVE-2020-25592)
     (CVE-2020-17490) (CVE-2020-16846)
   - Fix novendorchange handling in zypperpkg module
   - Remove msgpack < 1.0.0 from base requirements (bsc#1176293)
   - Adding missing virt backports to 3000.3
   - Do not raise StreamClosedError traceback but only log it (bsc#1175549)
   - Update to Salt release version 3000.3 See release notes:
     https://docs.saltstack.com/en/latest/topics/releases/3000.3.html
   - Take care of failed, skipped and unreachable tasks and propagate
     "retcode" (bsc#1173911) (bsc#1173909)
   - Msgpack: support versions >= 1.0.0 (bsc#1171257)
   - Fix the registration of libvirt pool and nodedev events
   - Accept nested namespaces in spacewalk.api runner function. (bsc#1172211)
   - Info_installed works without status attr now (bsc#1171461)
   - Prevent sporious "salt-api" stuck processes when managing SSH minions
     because of logging deadlock (bsc#1159284)
   - Avoid segfault from "salt-api" under certain conditions of heavy load
     managing SSH minions (bsc#1169604)
   - Update to Salt version 3000 See release notes:
     https://docs.saltstack.com/en/latest/topics/releases/3000.html loop: fix
     variable names for until_no_eval
   - Enable building and installation for Fedora
   - Disable python2 build on Tumbleweed We are removing the python2
     interpreter from openSUSE (SLE16). As such disable salt building for
     python2 there.
   - Sanitize grains loaded from roster_grains.json cache during "state.pkg"
   - Build: Buildequire pkgconfig(systemd) instead of systemd
     pkgconfig(systemd) is provided by systemd, so this is de-facto no
     change. But inside the Open Build Service (OBS), the same symbol is also
     provided by systemd-mini, which exists to shorten build-chains by only
     enabling what other packages need to successfully build
   - Backport saltutil state module to 2019.2 codebase (bsc#1167556)
   - Add new custom SUSE capability for saltutil state module
   - Virt._get_domain: don't raise an exception if there is no VM
   - Adds test for zypper abbreviation fix
   - Improved storage pool or network handling
   - Better import cache handline
   - Requiring python3-distro only for openSUSE/SLE >= 15
   - Use full option name instead of undocumented abbreviation for zypper
   - Python-distro is only needed for > Python 3.7. Removing it for Python 2
   - RHEL/CentOS 8 uses platform-python instead of python3
   - Enable build for Python 3.8
   - Update to Salt version 2019.2.3 (CVE-2019-17361) (bsc#1163981)
     (bsc#1162504) See release notes:
     https://docs.saltstack.com/en/latest/topics/releases/2019.2.3.html
   - Enable passing grains to start event based on 'start_event_grains'
     configuration parameter
   - Support for Btrfs and XFS in parted and mkfs added Adds
     virt.(pool|network)_get_xml functions Various libvirt updates
   - Let salt-ssh use platform-python on RHEL8 (bsc#1158441)
   - Fix StreamClosedError issue (bsc#1157479)
   - Requires vs BuildRequires
   - Limiting M2Crypto to >= SLE15
   - Replacing pycrypto with M2Crypto (bsc#1165425)
   - Update to 2019.2.2 release zypperpkg: understand product type
   - Enable usage of downloadonly parameter for apt module
   - Add new "salt-standalone-formulas-configuration" package

   spacecmd:

   - Fix spacecmd with no parameters produces traceback
     on SLE 11 SP4 (bsc#1176823)
   - Fixed "non-advanced" package search when using multiple package names
     (bsc#1180584)
   - Added '-r REVISION' option to the 'configchannel_updateinitsls' command
     (bsc#1179566)
   - Fix: internal: workaround for future tee of logs translation


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Debian 10-CLIENT-TOOLS-BETA:

      zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-BETA-x86_64-2021-480=1



Package List:

   - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (amd64):

      prometheus-exporter-exporter-0.4.0-1

   - SUSE Manager Debian 10-CLIENT-TOOLS-BETA (all):

      salt-common-3002.2+ds-1+2.6.1
      salt-minion-3002.2+ds-1+2.6.1
      spacecmd-4.2.4-2.6.1


References:

   https://www.suse.com/security/cve/CVE-2019-17361.html
   https://www.suse.com/security/cve/CVE-2020-16846.html
   https://www.suse.com/security/cve/CVE-2020-17490.html
   https://www.suse.com/security/cve/CVE-2020-25592.html
   https://bugzilla.suse.com/1083110
   https://bugzilla.suse.com/1157479
   https://bugzilla.suse.com/1158441
   https://bugzilla.suse.com/1159284
   https://bugzilla.suse.com/1162504
   https://bugzilla.suse.com/1163981
   https://bugzilla.suse.com/1165425
   https://bugzilla.suse.com/1167556
   https://bugzilla.suse.com/1169604
   https://bugzilla.suse.com/1171257
   https://bugzilla.suse.com/1171461
   https://bugzilla.suse.com/1172211
   https://bugzilla.suse.com/1173909
   https://bugzilla.suse.com/1173911
   https://bugzilla.suse.com/1175549
   https://bugzilla.suse.com/1176293
   https://bugzilla.suse.com/1176823
   https://bugzilla.suse.com/1178319
   https://bugzilla.suse.com/1178361
   https://bugzilla.suse.com/1178362
   https://bugzilla.suse.com/1178485
   https://bugzilla.suse.com/1179566
   https://bugzilla.suse.com/1180584



More information about the sle-updates mailing list