SUSE-RU-2022:1386-1: important: Recommended update for SUSE Manager Client Tools

sle-updates at lists.suse.com sle-updates at lists.suse.com
Mon Apr 25 19:39:55 UTC 2022


   SUSE Recommended Update: Recommended update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:1386-1
Rating:             important
References:         #1182851 #1194363 #1194632 #1194909 #1196050 
                    #1196432 #1197417 #1197533 #1197637 ECO-3319 
                    
Affected Products:
                    SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________

   An update that solves four vulnerabilities, contains one
   feature and has 5 fixes is now available.

Description:

   This update fixes the following issues:

   salt:

   - Fix regression preventing bootstrapping new clients caused by redundant
     dependency on psutil (bsc#1197533)
   - Prevent data pollution between actions processed at the same time
     (bsc#1197637)
   - Fix salt-ssh opts poisoning (bsc#1197637)
   - Remove duplicated method definitions in salt.netapi
   - Clear network interfaces cache on grains request (bsc#1196050)
   - Add salt-ssh with Salt Bundle support (venv-salt-minion)
   - Fix Salt-API failure due to an exception from the scheduled SSH-Push
     Tasks. (bsc#1182851, bsc#1196432)
   - Restrict "state.orchestrate_single" to pass a pillar value if it exists
     (bsc#1194632)

   scap-security-guide:

   - Updated to 0.1.60 (jsc#ECO-3319)
     - New draft stig profile v1r1 for OL8
     - New product Amazon EKS platform and initial CIS profiles
     - New product CentOS Stream 9, as a derivative from RHEL9 product

   spacecmd:

   - Version 4.2.16-1
     * implement system.bootstrap (bsc#1194909)
     * Fix interactive mode for "system_applyerrata" and "errata_apply"
       (bsc#1194363)


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Debian 10-CLIENT-TOOLS:

      zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2022-1386=1



Package List:

   - SUSE Manager Debian 10-CLIENT-TOOLS (all):

      salt-common-3002.2+ds-1+2.51.1
      salt-minion-3002.2+ds-1+2.51.1
      scap-security-guide-debian-0.1.60-2.18.1
      spacecmd-4.2.16-2.27.1


References:

   https://www.suse.com/security/cve/CVE-2022-22934.html
   https://www.suse.com/security/cve/CVE-2022-22935.html
   https://www.suse.com/security/cve/CVE-2022-22936.html
   https://www.suse.com/security/cve/CVE-2022-22941.html
   https://bugzilla.suse.com/1182851
   https://bugzilla.suse.com/1194363
   https://bugzilla.suse.com/1194632
   https://bugzilla.suse.com/1194909
   https://bugzilla.suse.com/1196050
   https://bugzilla.suse.com/1196432
   https://bugzilla.suse.com/1197417
   https://bugzilla.suse.com/1197533
   https://bugzilla.suse.com/1197637



More information about the sle-updates mailing list