SUSE-SU-2022:3178-1: important: Important for SUSE Manager Client Tools

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu Sep 8 13:45:08 UTC 2022


   SUSE Security Update: Important for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3178-1
Rating:             important
References:         #1176460 #1180816 #1180942 #1181119 #1181935 
                    #1183684 #1187725 #1188061 #1193585 #1197963 
                    #1199528 #1200142 #1200591 #1200968 #1200970 
                    #1201003 #1202614 SLE-23631 SLE-24133 SLE-24791 
                    
Cross-References:   CVE-2021-20178 CVE-2021-20180 CVE-2021-20191
                    CVE-2021-20228 CVE-2021-3447 CVE-2021-3583
                    CVE-2021-3620
CVSS scores:
                    CVE-2021-20178 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20178 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20180 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20191 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20191 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-20228 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-20228 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-3447 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3447 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
                    CVE-2021-3583 (NVD) : 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-3583 (SUSE): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
                    CVE-2021-3620 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-3620 (SUSE): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Affected Products:
                    SUSE Linux Enterprise High Performance Computing 15-ESPOS
                    SUSE Linux Enterprise High Performance Computing 15-LTSS
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2
                    SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.1
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Linux Enterprise Server 15-LTSS
                    SUSE Linux Enterprise Server for SAP 15
                    SUSE Manager Proxy 4.1
                    SUSE Manager Proxy 4.2
                    SUSE Manager Proxy 4.3
                    SUSE Manager Server 4.1
                    SUSE Manager Server 4.2
                    SUSE Manager Server 4.3
                    SUSE Manager Tools 15
                    openSUSE Leap 15.3
                    openSUSE Leap 15.4
______________________________________________________________________________

   An update that solves 7 vulnerabilities, contains three
   features and has 10 fixes is now available.

Description:

   This update fixes the following issues:

   ansible:

   - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
     * CVE-2021-3620 ansible-connection module discloses sensitive info in
       traceback error message (in 2.9.27) (bsc#1187725)
     * CVE-2021-3583 Template Injection through yaml multi-line strings with
       ansible facts used in template. (in 2.9.23) (bsc#1188061)
     * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15)
       (bsc#1176460)
   - Update to 2.9.22:
     * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
     * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
     * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured
       values
     * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes
       sensitive values
     * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

   dracut-saltboot:

   - Require e2fsprogs (bsc#1202614)
   - Update to version 0.1.1657643023.0d694ce
     * Update dracut-saltboot dependencies (bsc#1200970)
     * Fix network loading when ipappend is used in pxe config
     * Add new information messages

   golang-github-QubitProducts-exporter_exporter:

   - Remove license file from %doc

   mgr-daemon:

   - Version 4.3.5-1
     * Update translation strings

   mgr-virtualization:

   - Version 4.3.6-1
     * Report all VMs in poller, not only running ones (bsc#1199528)

   prometheus-blackbox_exporter:

   - Exclude s390 arch

   python-hwdata:

   - Declare the LICENSE file as license and not doc

   spacecmd:

   - Version 4.3.14-1
     * Fix missing argument on system_listmigrationtargets (bsc#1201003)
     * Show correct help on calling kickstart_importjson with no arguments
     * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
     * Change proxy container config default filename to end with tar.gz
     * Update translation strings

   spacewalk-client-tools:

   - Version 4.3.11-1
     * Update translation strings

   uyuni-common-libs:

   - Version 4.3.5-1
     * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

   uyuni-proxy-systemd-services:

   - Version 4.3.6-1
     * Expose port 80 (bsc#1200142)
     * Use volumes rather than bind mounts
     * TFTPD to listen on udp port (bsc#1200968)
     * Add TAG variable in configuration
     * Fix containers namespaces in configuration

   zypp-plugin-spacewalk:

   - 1.0.13
     * Log in before listing channels. (bsc#1197963, bsc#1193585)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.4:

      zypper in -t patch openSUSE-SLE-15.4-2022-3178=1

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2022-3178=1

   - SUSE Manager Tools 15:

      zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3178=1

   - SUSE Linux Enterprise Server for SAP 15:

      zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3178=1

   - SUSE Linux Enterprise Server 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3178=1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

      zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3178=1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS:

      zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1



Package List:

   - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
      prometheus-blackbox_exporter-0.19.0-150000.1.11.1
      wire-0.5.0-150000.1.6.1
      wire-debuginfo-0.5.0-150000.1.6.1

   - openSUSE Leap 15.4 (noarch):

      ansible-2.9.27-150000.1.14.1
      ansible-doc-2.9.27-150000.1.14.1
      ansible-test-2.9.27-150000.1.14.1
      dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
      python3-hwdata-2.3.5-150000.3.9.1
      spacecmd-4.3.14-150000.3.83.1

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1

   - openSUSE Leap 15.3 (noarch):

      ansible-2.9.27-150000.1.14.1
      ansible-doc-2.9.27-150000.1.14.1
      ansible-test-2.9.27-150000.1.14.1
      dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
      python2-hwdata-2.3.5-150000.3.9.1
      python3-hwdata-2.3.5-150000.3.9.1
      spacecmd-4.3.14-150000.3.83.1

   - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
      prometheus-blackbox_exporter-0.19.0-150000.1.11.1
      python3-uyuni-common-libs-4.3.5-150000.1.24.1

   - SUSE Manager Tools 15 (noarch):

      ansible-2.9.27-150000.1.14.1
      ansible-doc-2.9.27-150000.1.14.1
      dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
      mgr-daemon-4.3.5-150000.1.35.1
      mgr-virtualization-host-4.3.6-150000.1.32.1
      python3-hwdata-2.3.5-150000.3.9.1
      python3-mgr-virtualization-common-4.3.6-150000.1.32.1
      python3-mgr-virtualization-host-4.3.6-150000.1.32.1
      python3-spacewalk-check-4.3.11-150000.3.65.1
      python3-spacewalk-client-setup-4.3.11-150000.3.65.1
      python3-spacewalk-client-tools-4.3.11-150000.3.65.1
      python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
      spacecmd-4.3.14-150000.3.83.1
      spacewalk-check-4.3.11-150000.3.65.1
      spacewalk-client-setup-4.3.11-150000.3.65.1
      spacewalk-client-tools-4.3.11-150000.3.65.1
      uyuni-proxy-systemd-services-4.3.6-150000.1.6.1
      zypp-plugin-spacewalk-1.0.13-150000.3.32.1

   - SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):

      golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1

   - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):

      golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):

      python3-hwdata-2.3.5-150000.3.9.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):

      python3-hwdata-2.3.5-150000.3.9.1

   - SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):

      python3-hwdata-2.3.5-150000.3.9.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
      prometheus-blackbox_exporter-0.19.0-150000.1.11.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3 (noarch):

      ansible-2.9.27-150000.1.14.1
      ansible-doc-2.9.27-150000.1.14.1
      python3-hwdata-2.3.5-150000.3.9.1
      python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
      zypp-plugin-spacewalk-1.0.13-150000.3.32.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (aarch64 ppc64le s390x x86_64):

      golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
      prometheus-blackbox_exporter-0.19.0-150000.1.11.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2 (noarch):

      ansible-2.9.27-150000.1.14.1
      ansible-doc-2.9.27-150000.1.14.1
      python3-hwdata-2.3.5-150000.3.9.1
      python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
      zypp-plugin-spacewalk-1.0.13-150000.3.32.1

   - SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1 (noarch):

      python3-hwdata-2.3.5-150000.3.9.1
      python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
      zypp-plugin-spacewalk-1.0.13-150000.3.32.1

   - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):

      golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1

   - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):

      golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1


References:

   https://www.suse.com/security/cve/CVE-2021-20178.html
   https://www.suse.com/security/cve/CVE-2021-20180.html
   https://www.suse.com/security/cve/CVE-2021-20191.html
   https://www.suse.com/security/cve/CVE-2021-20228.html
   https://www.suse.com/security/cve/CVE-2021-3447.html
   https://www.suse.com/security/cve/CVE-2021-3583.html
   https://www.suse.com/security/cve/CVE-2021-3620.html
   https://bugzilla.suse.com/1176460
   https://bugzilla.suse.com/1180816
   https://bugzilla.suse.com/1180942
   https://bugzilla.suse.com/1181119
   https://bugzilla.suse.com/1181935
   https://bugzilla.suse.com/1183684
   https://bugzilla.suse.com/1187725
   https://bugzilla.suse.com/1188061
   https://bugzilla.suse.com/1193585
   https://bugzilla.suse.com/1197963
   https://bugzilla.suse.com/1199528
   https://bugzilla.suse.com/1200142
   https://bugzilla.suse.com/1200591
   https://bugzilla.suse.com/1200968
   https://bugzilla.suse.com/1200970
   https://bugzilla.suse.com/1201003
   https://bugzilla.suse.com/1202614



More information about the sle-updates mailing list