Malware Devil

Tuesday, June 22, 2021

ESB-2021.2197 – SUSE Manager Client and Server Tools: Multiple vulnerabilities

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA256

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2021.2197
Security update for SUSE Manager Server 4.0
22 June 2021

===========================================================================

AusCERT Security Bulletin Summary
———————————

Product: SUSE Manager Client Tools
SUSE Manager Server Tools
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands — Existing Account
Increased Privileges — Existing Account
Create Arbitrary Files — Existing Account
Denial of Service — Existing Account
Access Confidential Data — Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2021-31607 CVE-2021-28657 CVE-2021-25315

Reference: ESB-2021.2090
ESB-2021.1788
ESB-2021.0975

Original Bulletin:
https://www.suse.com/support/update/announcement/2021/suse-su-20212114-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114756-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114755-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212111-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212110-1
https://www.suse.com/support/update/announcement/2021/suse-su-202114753-1
https://www.suse.com/support/update/announcement/2021/suse-su-20212098-1

Comment: This bulletin contains seven (7) SUSE security advisories.

– ————————–BEGIN INCLUDED TEXT——————–

SUSE Security Update: Security update for SUSE Manager Server 4.0

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2114-1
Rating: moderate
References: #1172711 #1182817 #1184005 #1184283 #1184311 #1184332
#1184361 #1184471 #1184475 #1184561 #1184617 #1184861
#1184892 #1185097 #1185281 #1185506 #1186124 #1186346
#1186508
Cross-References: CVE-2021-28657 CVE-2021-31607
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0
______________________________________________________________________________

An update that solves two vulnerabilities and has 17 fixes is now available.

Description:

This update fixes the following issues:
cobbler:

o Make “fence_ipmitool” a wrapper for “fence_ipmilan” using always lanplus
(bsc#1184361)
o Remove unused template for fence_ipmitool.
o Prevent some race conditions when writing tftpboot files and the
destination directory is not existing (bsc#1186124)
o Fix trail stripping in case of using UTF symbols (bsc#1184561)

grafana-formula:

o Fix Grafana dashboards requiring single series (bsc#1184471)

patterns-suse-manager:

o Add require for py27-compat-salt (salt 3002 does not provide python2-salt
anymore)

prometheus-exporters-formula:

o Move exporters configurations to dedicated group `prometheus_exporters`
o Add formula data schema migration script
o This version changes the formula data schema and is not backwards
compatible. Downgrading from this version will require reconfiguring the
formula for all your minions.
o Add Ubuntu support for Prometheus exporters’ reverse proxy

pxe-default-image-sle15:

o Adapt rpm-properties.xml for containment-rpm-pxe v0.2.1 and newer

py26-compat-salt:

o Prevent command injection in the snapper module (bsc#1185281)
(CVE-2021-31607)

spacewalk-backend:

o Maintainer field in debian packages are only recommended (bsc#1186508)
o Switch to www group for satellite logs (bsc#1185097)

spacewalk-java:

o Change Prometheus exporters formula data schema to make it more generic and
extendable
o Adapt logging for testing accessability of URLs (bsc#1182817)
o Fix problem reading product_tree.json from wrong location in offline setups
(bsc#1184283)
o For a SUSE system get metadata and package from same source (bsc#1184475)
o Check if the directory exists prior to modular data cleanup (bsc#1184311)
o Assign right base product for res8 (bsc#1184005)
o Fix check for for mirrorlist URLs when refreshing products (bsc#1184861)

spacewalk-utils:

o Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports
o Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04

spacewalk-web:

o Update the WebUI version to 4.0.14

susemanager:

o Add python3-pycryptodome to Ubuntu 18 and 20 bootstrap repos (bsc#1186346)
o Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15
o Add python3-distro to RES8, SLE15 and Ubuntu20.04 bootstrap repositories to
fix bootstrapping issues (bsc#1184332)

susemanager-doc-indexes:

o Update for Disconnected Setup chapter in Administration Guide

susemanager-docs_en:

o Update for Disconnected Setup chapter in Administration Guide

susemanager-sls:

o Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)
o Fix insecure JMX configuration (bsc#1184617)
o Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)

tika-core:

o New upstream version 1.26. Fixes: * Infinite loop in the MP3Parser (bsc#
1184892, CVE-2021-28657) * Out of memory error while loading a file in
PDFBox before 2.0.23. * Infinite loop while loading a file in PDFBox before
2.0.23. * System.exit vulnerability in Tika’s OneNote Parser; out of memory
errors and/or infinite loops in Tika’s ICNSParser, MP3Parser, MP4Parser,
SAS7BDATParser, OneNoteParser and ImageParser. * Excessive memory usage
(DoS) vulnerability in Apache Tika’s PSDParser * Infinite Loop (DoS)
vulnerability in Apache Tika’s PSDParser

How to apply this update: 1. Log in as root user to the SUSE Manager server. 2.
Stop the Spacewalk service: `spacewalk-service stop` 3. Apply the patch using
either zypper patch or YaST Online Update. 4. Upgrade the database schema:
`spacewalk-schema-upgrade` 5. Start the Spacewalk service: `spacewalk-service
start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for SUSE Manager Server 4.0:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.0-2021-2114=1

Package List:

o SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (ppc64le s390x
x86_64):
patterns-suma_retail-4.0-9.19.3
patterns-suma_server-4.0-9.19.3
susemanager-4.0.34-3.52.3
susemanager-tools-4.0.34-3.52.3
o SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (noarch):
cobbler-3.0.0+git20190806.32c4bae0-7.22.3
grafana-formula-0.2.3-4.16.3
prometheus-exporters-formula-0.7.6-3.19.3
pxe-default-image-sle15-4.0.1-20210621145802
py26-compat-salt-2016.11.10-10.28.3
py27-compat-salt-3000.3-4.3.3
python3-spacewalk-backend-libs-4.0.38-3.47.4
spacewalk-backend-4.0.38-3.47.4
spacewalk-backend-app-4.0.38-3.47.4
spacewalk-backend-applet-4.0.38-3.47.4
spacewalk-backend-config-files-4.0.38-3.47.4
spacewalk-backend-config-files-common-4.0.38-3.47.4
spacewalk-backend-config-files-tool-4.0.38-3.47.4
spacewalk-backend-iss-4.0.38-3.47.4
spacewalk-backend-iss-export-4.0.38-3.47.4
spacewalk-backend-package-push-server-4.0.38-3.47.4
spacewalk-backend-server-4.0.38-3.47.4
spacewalk-backend-sql-4.0.38-3.47.4
spacewalk-backend-sql-postgresql-4.0.38-3.47.4
spacewalk-backend-tools-4.0.38-3.47.4
spacewalk-backend-xml-export-libs-4.0.38-3.47.4
spacewalk-backend-xmlrpc-4.0.38-3.47.4
spacewalk-base-4.0.28-3.45.1
spacewalk-base-minimal-4.0.28-3.45.1
spacewalk-base-minimal-config-4.0.28-3.45.1
spacewalk-html-4.0.28-3.45.1
spacewalk-java-4.0.44-3.57.5
spacewalk-java-config-4.0.44-3.57.5
spacewalk-java-lib-4.0.44-3.57.5
spacewalk-java-postgresql-4.0.44-3.57.5
spacewalk-taskomatic-4.0.44-3.57.5
spacewalk-utils-4.0.21-3.30.3
susemanager-doc-indexes-4.0-10.36.4
susemanager-docs_en-4.0-10.36.3
susemanager-docs_en-pdf-4.0-10.36.3
susemanager-sls-4.0.35-3.48.3
susemanager-web-libs-4.0.28-3.45.1
tika-core-1.26-3.6.3

References:

o https://www.suse.com/security/cve/CVE-2021-28657.html
o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1172711
o https://bugzilla.suse.com/1182817
o https://bugzilla.suse.com/1184005
o https://bugzilla.suse.com/1184283
o https://bugzilla.suse.com/1184311
o https://bugzilla.suse.com/1184332
o https://bugzilla.suse.com/1184361
o https://bugzilla.suse.com/1184471
o https://bugzilla.suse.com/1184475
o https://bugzilla.suse.com/1184561
o https://bugzilla.suse.com/1184617
o https://bugzilla.suse.com/1184861
o https://bugzilla.suse.com/1184892
o https://bugzilla.suse.com/1185097
o https://bugzilla.suse.com/1185281
o https://bugzilla.suse.com/1185506
o https://bugzilla.suse.com/1186124
o https://bugzilla.suse.com/1186346
o https://bugzilla.suse.com/1186508

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14756-1
Rating: moderate
References: #1171257 #1173557 #1176293 #1179831 #1180583 #1180584
#1180585 #1181368 #1182281 #1182293 #1182382 #1185092
#1185281 #1186674
Cross-References: CVE-2021-25315 CVE-2021-31607
Affected Products:
SUSE Manager Ubuntu 20.04-CLIENT-TOOLS
______________________________________________________________________________

An update that solves two vulnerabilities, contains three features and has 12
fixes is now available.

Description:

This update fixes the following issues:
salt:

o Check if dpkgnotify is executable (bsc#1186674)
o Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#
SLE-18028)
o Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
o Virt module updates * network: handle missing ipv4 netmask attribute * more
network support * PCI/USB host devices passthrough support
o Set distro requirement to oldest supported version in requirements/base.txt
o Bring missing part of async batch implementation back (bsc#1182382,
CVE-2021-25315)
o Always require python3-distro (bsc#1182293)
o Remove deprecated warning that breaks minion execution when
“server_id_use_crc” opts is missing
o Fix pkg states when DEB package has “all” arch
o Do not force beacons configuration to be a list.
o Remove msgpack = 1.0.0 (bsc#1171257)
o Fix issue parsing errors in ansiblegate state module
o Prevent command injection in the snapper module (bsc#1185281,
CVE-2021-31607)
o Transactional_update: detect recursion in the executor
o Add subpackage salt-transactional-update (jsc#SLE-18033)
o Remove duplicate directories from specfile
o Improvements on “ansiblegate” module (bsc#1185092): * New methods:
ansible.targets / ansible.discover_playbooks
o Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
o Regression fix of salt-ssh on processing targets
o Update target fix for salt-ssh and avoiding race condition on salt-ssh
event processing (bsc#1179831, bsc#1182281)
o Add notify beacon for Debian/Ubuntu systems
o Fix zmq bug that causes salt-call to freeze (bsc#1181368)

spacecmd:

o Rename system migration to system transfer
o Rename SP to product migration
o Update translation strings
o Add group_addconfigchannel and group_removeconfigchannel
o Add group_listconfigchannels and configchannel_listgroups
o Fix spacecmd compat with Python 3
o Deprecated “Software Crashes” feature
o Document advanced package search on ‘–help’ (bsc#1180583)
o Fixed advanced search on ‘package_listinstalledsystems’
o Fixed duplicate results when using multiple search criteria (bsc#1180585)
o Fixed “non-advanced” package search when using multiple package names (bsc#
1180584)
o Update translations
o Fix: make spacecmd build on Debian
o Add Service Pack migration operations (bsc#1173557)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Ubuntu 20.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu204ct-client-tools-202105-14756=1

Package List:

o SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (amd64):
libopenscap-dev-1.2.16-1build1~uyuni1
libopenscap-perl-1.2.16-1build1~uyuni1
libopenscap8-1.2.16-1build1~uyuni1
libopenscap8-dbg-1.2.16-1build1~uyuni1
python-openscap-1.2.16-1build1~uyuni1
o SUSE Manager Ubuntu 20.04-CLIENT-TOOLS (all):
salt-common-3002.2+ds-1+2.48.1
salt-minion-3002.2+ds-1+2.48.1
scap-security-guide-ubuntu-0.1.55git20210323-2.3.3
spacecmd-4.2.8-2.24.3

References:

o https://www.suse.com/security/cve/CVE-2021-25315.html
o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1171257
o https://bugzilla.suse.com/1173557
o https://bugzilla.suse.com/1176293
o https://bugzilla.suse.com/1179831
o https://bugzilla.suse.com/1180583
o https://bugzilla.suse.com/1180584
o https://bugzilla.suse.com/1180585
o https://bugzilla.suse.com/1181368
o https://bugzilla.suse.com/1182281
o https://bugzilla.suse.com/1182293
o https://bugzilla.suse.com/1182382
o https://bugzilla.suse.com/1185092
o https://bugzilla.suse.com/1185281
o https://bugzilla.suse.com/1186674

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14755-1
Rating: moderate
References: #1171257 #1173557 #1176293 #1179831 #1180583 #1180584
#1180585 #1181368 #1182281 #1182293 #1182382 #1185092
#1185281 #1186674
Cross-References: CVE-2021-25315 CVE-2021-31607
Affected Products:
SUSE Manager Ubuntu 18.04-CLIENT-TOOLS
______________________________________________________________________________

An update that solves two vulnerabilities, contains three features and has 12
fixes is now available.

Description:

This update fixes the following issues:
salt:

o Check if dpkgnotify is executable (bsc#1186674)
o Update to Salt release version 3002.2 (jsc#ECO-3212- Check if dpkgnotify is
executable (bsc#1186674))
o Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
o Virt module updates * network: handle missing ipv4 netmask attribute * more
network support * PCI/USB host devices passthrough support
o Set distro requirement to oldest supported version in requirements/base.txt
o Bring missing part of async batch implementation back (bsc#1182382,
CVE-2021-25315)
o Always require python3-distro (bsc#1182293)
o Remove deprecated warning that breaks minion execution when
“server_id_use_crc” opts is missing
o Fix pkg states when DEB package has “all” arch
o Do not force beacons configuration to be a list.
o Remove msgpack = 1.0.0 (bsc#1171257)
o Fix issue parsing errors in ansiblegate state module
o Prevent command injection in the snapper module (bsc#1185281,
CVE-2021-31607)
o Transactional_update: detect recursion in the executor
o Add subpackage salt-transactional-update (jsc#SLE-18033)
o Remove duplicate directories from specfile
o Improvements on “ansiblegate” module (bsc#1185092): * New methods:
ansible.targets / ansible.discover_playbooks
o Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
o Regression fix of salt-ssh on processing targets
o Update target fix for salt-ssh and avoiding race condition on salt-ssh
event processing (bsc#1179831, bsc#1182281)
o Add notify beacon for Debian/Ubuntu systems
o Fix zmq bug that causes salt-call to freeze (bsc#1181368)

spacecmd:

o Rename system migration to system transfer
o Rename SP to product migration
o Update translation strings
o Add group_addconfigchannel and group_removeconfigchannel
o Add group_listconfigchannels and configchannel_listgroups
o Fix spacecmd compat with Python 3
o Deprecated “Software Crashes” feature
o Document advanced package search on ‘–help’ (bsc#1180583)
o Fixed advanced search on ‘package_listinstalledsystems’
o Fixed duplicate results when using multiple search criteria (bsc#1180585)
o Fixed “non-advanced” package search when using multiple package names (bsc#
1180584)
o Update translations
o Fix: make spacecmd build on Debian
o Add Service Pack migration operations (bsc#1173557)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS:
zypper in -t patch suse-ubu184ct-client-tools-202105-14755=1

Package List:

o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (amd64):
libopenscap-dev-1.2.15-1build1~uyuni1
libopenscap-perl-1.2.15-1build1~uyuni1
libopenscap8-1.2.15-1build1~uyuni1
libopenscap8-dbg-1.2.15-1build1~uyuni1
python-openscap-1.2.15-1build1~uyuni1
python3-pycryptodome-3.4.7-1ubuntu1
o SUSE Manager Ubuntu 18.04-CLIENT-TOOLS (all):
salt-common-3002.2+ds-1+89.1
salt-minion-3002.2+ds-1+89.1
scap-security-guide-ubuntu-0.1.55git20210323-2.3
spacecmd-4.2.8-26.2

References:

o https://www.suse.com/security/cve/CVE-2021-25315.html
o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1171257
o https://bugzilla.suse.com/1173557
o https://bugzilla.suse.com/1176293
o https://bugzilla.suse.com/1179831
o https://bugzilla.suse.com/1180583
o https://bugzilla.suse.com/1180584
o https://bugzilla.suse.com/1180585
o https://bugzilla.suse.com/1181368
o https://bugzilla.suse.com/1182281
o https://bugzilla.suse.com/1182293
o https://bugzilla.suse.com/1182382
o https://bugzilla.suse.com/1185092
o https://bugzilla.suse.com/1185281
o https://bugzilla.suse.com/1186674

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2111-1
Rating: moderate
References: #1171257 #1173557 #1176293 #1179831 #1180583 #1180584
#1180585 #1181368 #1182281 #1182293 #1182382 #1185092
#1185281 #1186674
Cross-References: CVE-2021-25315 CVE-2021-31607
Affected Products:
SUSE Manager Debian 10-CLIENT-TOOLS
______________________________________________________________________________

An update that solves two vulnerabilities, contains three features and has 12
fixes is now available.

Description:

This update fixes the following issues:
salt:

o Check if dpkgnotify is executable (bsc#1186674)
o Update to Salt release version 3002.2 (jsc#ECO-3212, jsc#SLE-18033, jsc#
SLE-18028))
o Drop support for Python2. Obsoletes `python2-salt` package (jsc#SLE-18028)
o Virt module updates * network: handle missing ipv4 netmask attribute * more
network support * PCI/USB host devices passthrough support
o Set distro requirement to oldest supported version in requirements/base.txt
o Bring missing part of async batch implementation back (bsc#1182382,
CVE-2021-25315)
o Always require python3-distro (bsc#1182293)
o Remove deprecated warning that breaks minion execution when
“server_id_use_crc” opts is missing
o Fix pkg states when DEB package has “all” arch
o Do not force beacons configuration to be a list.
o Remove msgpack = 1.0.0 (bsc#1171257)
o Fix issue parsing errors in ansiblegate state module
o Prevent command injection in the snapper module (bsc#1185281,
CVE-2021-31607)
o Transactional_update: detect recursion in the executor
o Add subpackage salt-transactional-update (jsc#SLE-18033)
o Remove duplicate directories from specfile
o Improvements on “ansiblegate” module (bsc#1185092): * New methods:
ansible.targets / ansible.discover_playbooks
o Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
o Regression fix of salt-ssh on processing targets
o Update target fix for salt-ssh and avoiding race condition on salt-ssh
event processing (bsc#1179831, bsc#1182281)
o Add notify beacon for Debian/Ubuntu systems
o Fix zmq bug that causes salt-call to freeze (bsc#1181368)

spacecmd:

o Rename system migration to system transfer
o Rename SP to product migration
o Update translation strings
o Add group_addconfigchannel and group_removeconfigchannel
o Add group_listconfigchannels and configchannel_listgroups
o Fix spacecmd compat with Python 3
o Deprecated “Software Crashes” feature
o Document advanced package search on ‘–help’ (bsc#1180583)
o Fixed advanced search on ‘package_listinstalledsystems’
o Fixed duplicate results when using multiple search criteria (bsc#1180585)
o Fixed “non-advanced” package search when using multiple package names (bsc#
1180584)
o Update translations
o Fix: make spacecmd build on Debian
o Add Service Pack migration operations (bsc#1173557)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Debian 10-CLIENT-TOOLS:
zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-2111=1

Package List:

o SUSE Manager Debian 10-CLIENT-TOOLS (all):
salt-common-3002.2+ds-1+2.27.1
salt-minion-3002.2+ds-1+2.27.1
scap-security-guide-debian-0.1.55git20210323-2.3.1
spacecmd-4.2.8-2.9.1

References:

o https://www.suse.com/security/cve/CVE-2021-25315.html
o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1171257
o https://bugzilla.suse.com/1173557
o https://bugzilla.suse.com/1176293
o https://bugzilla.suse.com/1179831
o https://bugzilla.suse.com/1180583
o https://bugzilla.suse.com/1180584
o https://bugzilla.suse.com/1180585
o https://bugzilla.suse.com/1181368
o https://bugzilla.suse.com/1182281
o https://bugzilla.suse.com/1182293
o https://bugzilla.suse.com/1182382
o https://bugzilla.suse.com/1185092
o https://bugzilla.suse.com/1185281
o https://bugzilla.suse.com/1186674

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2110-1
Rating: moderate
References: #1173557 #1179831 #1180583 #1180584 #1180585 #1181368
#1182281 #1185092 #1185281
Cross-References: CVE-2021-31607
Affected Products:
SUSE Manager Debian 9.0-CLIENT-TOOLS
______________________________________________________________________________

An update that solves one vulnerability and has 8 fixes is now available.

Description:

This update fixes the following issues:
salt:

o Fix issue parsing errors in ansiblegate state module
o Prevent command injection in the snapper module (bsc#1185281)
(CVE-2021-31607)
o Transactional_update: detect recursion in the executor
o Add subpackage salt-transactional-update
o Remove duplicate directories from specfile
o Improvements on “ansiblegate” module (bsc#1185092): * New methods:
ansible.targets / ansible.discover_playbooks
o Add support for Alibaba Cloud Linux 2 (Aliyun Linux)
o Regression fix of salt-ssh on processing targets
o Update target fix for salt-ssh and avoiding race condition on salt-ssh
event processing (bsc#1179831, bsc#1182281)
o Add notify beacon for Debian/Ubuntu systems
o Fix zmq bug that causes salt-call to freeze (bsc#1181368)

spacecmd:

o Rename system migration to system transfer
o Rename SP to product migration
o Update translation strings
o Add group_addconfigchannel and group_removeconfigchannel
o Add group_listconfigchannels and configchannel_listgroups
o Fix spacecmd compat with Python 3
o Deprecated “Software Crashes” feature
o Document advanced package search on ‘–help’ (bsc#1180583)
o Fixed advanced search on ‘package_listinstalledsystems’
o Fixed duplicate results when using multiple search criteria (bsc#1180585)
o Fixed “non-advanced” package search when using multiple package names (bsc#
1180584)
o Update translations
o Fix: make spacecmd build on Debian
o Add Service Pack migration operations (bsc#1173557)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Manager Debian 9.0-CLIENT-TOOLS:
zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-x86_64-2021-2110=1

Package List:

o SUSE Manager Debian 9.0-CLIENT-TOOLS (all):
salt-common-3000+ds-1+2.23.1
salt-minion-3000+ds-1+2.23.1
scap-security-guide-debian-0.1.55git20210323-2.3.1
spacecmd-4.2.8-2.10.1

References:

o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1173557
o https://bugzilla.suse.com/1179831
o https://bugzilla.suse.com/1180583
o https://bugzilla.suse.com/1180584
o https://bugzilla.suse.com/1180585
o https://bugzilla.suse.com/1181368
o https://bugzilla.suse.com/1182281
o https://bugzilla.suse.com/1185092
o https://bugzilla.suse.com/1185281

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Client Tools

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:14753-1
Rating: important
References: #1173557 #1177884 #1177928 #1180583 #1180584 #1180585
#1185178 #1185281
Cross-References: CVE-2021-31607
Affected Products:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
______________________________________________________________________________

An update that solves one vulnerability and has 7 fixes is now available.

Description:

This update fixes the following issues:
golang-github-wrouesnel-postgres_exporter:

o Add support for aarch64

mgr-cfg:

o SPEC: Updated Python definitions for RHEL8 and quoted text comparisons.

mgr-custom-info:

o Update package version to 4.2.0

mgr-daemon:

o Update translation strings
o Update the translations from weblate
o Added quotes around %{_vendor} token for the if statements in spec file.
o Fix removal of mgr-deamon with selinux enabled (bsc#1177928)
o Updating translations from weblate

mgr-osad:

o Change the log file permissions as expected by logrotate (bsc#1177884)
o Change deprecated path /var/run into /run for systemd (bsc#1185178)
o Python fixes
o Removal of RHEL5

mgr-push:

o Defined __python for python2.
o Excluded RHEL8 for Python 2 build.

mgr-virtualization:

o Update package version to 4.2.0

rhnlib:

o Update package version to 4.2.0

salt:

o Prevent command injection in the snapper module (bsc#1185281)
(CVE-2021-31607)

spacecmd:

o Rename system migration to system transfer
o Rename SP to product migration
o Update translation strings
o Add group_addconfigchannel and group_removeconfigchannel
o Add group_listconfigchannels and configchannel_listgroups
o Fix spacecmd compat with Python 3
o Deprecated “Software Crashes” feature
o Document advanced package search on ‘–help’ (bsc#1180583)
o Fixed advanced search on ‘package_listinstalledsystems’
o Fixed duplicate results when using multiple search criteria (bsc#1180585)
o Fixed “non-advanced” package search when using multiple package names (bsc#
1180584)
o Update translations
o Fix: make spacecmd build on Debian
o Add Service Pack migration operations (bsc#1173557)

spacewalk-client-tools:

o Update the translations from weblate
o Drop the –noSSLServerURL option
o Updated RHEL Python requirements.
o Added quotes around %{_vendor}.

spacewalk-koan:

o Fix for spacewalk-koan test

spacewalk-oscap:

o Update package version to 4.2.0

spacewalk-remote-utils:

o Update package version to 4.2.0

supportutils-plugin-susemanager-client:

o Update package version to 4.2.0

suseRegisterInfo:

o Add support for Amazon Linux 2
o Add support for Alibaba Cloud Linux 2
o Adapted for RHEL build.

uyuni-base:

o Added Apache as prerequisite for RHEL and Fedora (due to required users).
o Removed RHEL specific folder rights from SPEC file.
o Added RHEL8 compatibility.

uyuni-common-libs:

o Cleaning up unused Python 2 build leftovers.
o Disabled debug package build.

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
zypper in -t patch slesctsp4-client-tools-202105-14753=1
o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
zypper in -t patch slesctsp3-client-tools-202105-14753=1

Package List:

o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x
x86_64):
mgr-cfg-4.2.2-5.15.2
mgr-cfg-actions-4.2.2-5.15.2
mgr-cfg-client-4.2.2-5.15.2
mgr-cfg-management-4.2.2-5.15.2
mgr-custom-info-4.2.1-5.9.2
mgr-daemon-4.2.7-5.26.1
mgr-osad-4.2.5-5.27.2
mgr-push-4.2.2-5.9.2
mgr-virtualization-host-4.2.1-5.17.3
python2-mgr-cfg-4.2.2-5.15.2
python2-mgr-cfg-actions-4.2.2-5.15.2
python2-mgr-cfg-client-4.2.2-5.15.2
python2-mgr-cfg-management-4.2.2-5.15.2
python2-mgr-osa-common-4.2.5-5.27.2
python2-mgr-osad-4.2.5-5.27.2
python2-mgr-push-4.2.2-5.9.2
python2-mgr-virtualization-common-4.2.1-5.17.3
python2-mgr-virtualization-host-4.2.1-5.17.3
python2-rhnlib-4.2.3-12.31.1
python2-spacewalk-check-4.2.10-27.50.1
python2-spacewalk-client-setup-4.2.10-27.50.1
python2-spacewalk-client-tools-4.2.10-27.50.1
python2-spacewalk-koan-4.2.3-9.21.1
python2-spacewalk-oscap-4.2.1-6.15.3
python2-suseRegisterInfo-4.2.3-6.15.1
python2-uyuni-common-libs-4.2.3-5.12.1
salt-2016.11.10-43.75.1
salt-doc-2016.11.10-43.75.1
salt-minion-2016.11.10-43.75.1
spacecmd-4.2.8-18.84.1
spacewalk-check-4.2.10-27.50.1
spacewalk-client-setup-4.2.10-27.50.1
spacewalk-client-tools-4.2.10-27.50.1
spacewalk-koan-4.2.3-9.21.1
spacewalk-oscap-4.2.1-6.15.3
suseRegisterInfo-4.2.3-6.15.1
o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 x86_64):
golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1
o SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (noarch):
spacewalk-remote-utils-4.2.1-6.18.2
supportutils-plugin-susemanager-client-4.2.2-9.21.1
o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x
x86_64):
mgr-cfg-4.2.2-5.15.2
mgr-cfg-actions-4.2.2-5.15.2
mgr-cfg-client-4.2.2-5.15.2
mgr-cfg-management-4.2.2-5.15.2
mgr-custom-info-4.2.1-5.9.2
mgr-daemon-4.2.7-5.26.1
mgr-osad-4.2.5-5.27.2
mgr-push-4.2.2-5.9.2
mgr-virtualization-host-4.2.1-5.17.3
python2-mgr-cfg-4.2.2-5.15.2
python2-mgr-cfg-actions-4.2.2-5.15.2
python2-mgr-cfg-client-4.2.2-5.15.2
python2-mgr-cfg-management-4.2.2-5.15.2
python2-mgr-osa-common-4.2.5-5.27.2
python2-mgr-osad-4.2.5-5.27.2
python2-mgr-push-4.2.2-5.9.2
python2-mgr-virtualization-common-4.2.1-5.17.3
python2-mgr-virtualization-host-4.2.1-5.17.3
python2-rhnlib-4.2.3-12.31.1
python2-spacewalk-check-4.2.10-27.50.1
python2-spacewalk-client-setup-4.2.10-27.50.1
python2-spacewalk-client-tools-4.2.10-27.50.1
python2-spacewalk-koan-4.2.3-9.21.1
python2-spacewalk-oscap-4.2.1-6.15.3
python2-suseRegisterInfo-4.2.3-6.15.1
python2-uyuni-common-libs-4.2.3-5.12.1
salt-2016.11.10-43.75.1
salt-doc-2016.11.10-43.75.1
salt-minion-2016.11.10-43.75.1
spacecmd-4.2.8-18.84.1
spacewalk-check-4.2.10-27.50.1
spacewalk-client-setup-4.2.10-27.50.1
spacewalk-client-tools-4.2.10-27.50.1
spacewalk-koan-4.2.3-9.21.1
spacewalk-oscap-4.2.1-6.15.3
suseRegisterInfo-4.2.3-6.15.1
o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 x86_64):
golang-github-wrouesnel-postgres_exporter-0.4.7-5.12.1
o SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (noarch):
spacewalk-remote-utils-4.2.1-6.18.2
supportutils-plugin-susemanager-client-4.2.2-9.21.1

References:

o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1173557
o https://bugzilla.suse.com/1177884
o https://bugzilla.suse.com/1177928
o https://bugzilla.suse.com/1180583
o https://bugzilla.suse.com/1180584
o https://bugzilla.suse.com/1180585
o https://bugzilla.suse.com/1185178
o https://bugzilla.suse.com/1185281

– ——————————————————————-

SUSE Security Update: Security update for SUSE Manager Server 4.1

______________________________________________________________________________

Announcement ID: SUSE-SU-2021:2098-1
Rating: moderate
References: #1151558 #1172711 #1175216 #1178767 #1180673 #1182744
#1183573 #1183649 #1183845 #1183864 #1184005 #1184286
#1184311 #1184332 #1184351 #1184361 #1184471 #1184475
#1184561 #1184617 #1184849 #1184892 #1184929 #1184940
#1185042 #1185097 #1185281 #1185506 #1185568 #1185965
#1186025 #1186124 #1186346 #1186508 #1186765 #1186852
#1186858
Cross-References: CVE-2021-28657 CVE-2021-31607
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
______________________________________________________________________________

An update that solves two vulnerabilities and has 35 fixes is now available.

Description:

This update fixes the following issues:
cobbler:

o Make `fence_ipmitool` a wrapper for `fence_ipmilan` using always `lanplus`.
(bsc#1184361)
o Remove unused template for `fence_ipmitool`.
o Prevent some race conditions when writting tftpboot files and the
destination directory is not existing. (bsc#1186124)
o Fix trail stripping in case of using UTF symbols. (bsc#1184561)

golang-github-prometheus-node_exporter:

o Update to 1.1.2 * Bug fixes + Handle errors from disabled PSI subsystem +
Sanitize strings from /sys/class/power_supply + Silence missing netclass
errors + Fix ineffassign issue + Fix some noisy log lines +
filesystem_freebsd: Fix label values + Fix various procfs parsing errors +
Handle no data from powersupplyclass + udp_queues_linux.go: change upd to
udp in two error strings + Fix node_scrape_collector_success behaviour +
Fix NodeRAIDDegraded to not use a string rule expressions + Fix
node_md_disks state label from fail to failed + Handle EPERM for syscall in
timex collector + bcache: fix typo in a metric name + Fix XFS read/write
stats * Changes + Improve filter flag names + Add btrfs and
powersupplyclass to list of exporters enabled by default * Features + Add
fibre channel collector + Expose cpu bugs and flags as info metrics + Add
network_route collector + Add zoneinfo collector * Enhancements + Add more
InfiniBand counters + Add flag to aggr ipvs metrics to avoid high
cardinality metrics + Adding backlog/current queue length to qdisc
collector + Include TCP OutRsts in netstat metrics + Add pool size to
entropy collector + Remove CGO dependencies for OpenBSD amd64 + bcache: add
writeback_rate_debug status + Add check state for mdadm arrays via
node_md_state metric + Expose XFS inode statistics + Expose zfs zpool state
+ Added an ability to pass collector.supervisord.url via SUPERVISORD_URL
environment variable
o Do not include sources (bsc#1151558)
o Remove rc symlink

grafana-formula:

o Fix Grafana dashboards requiring single series (bsc#1184471)

patterns-suse-manager:

o Add require for py27-compat-salt (salt 3002 does not provide python2-salt
anymore)

prometheus-exporter-formula:

o Add support for schema migration (bsc#1186025)

pxe-yomi-image-sle15:

o Remove PermitEmptyPasswords from SSH config (Fix bsc#1182744)

py26-compat-salt:

o Prevent command injection in the snapper module (bsc#1185281)
(CVE-2021-31607)

spacewalk-admin:

o Stop jabberd when osa-dispatcher is enabled (bsc#1185042)

spacewalk-backend:

o Fix binary blob corruptions in tradidional config file deployment (bsc#
1183864)
o Fix for GPG checking on synchonizing mirrored dpkg repo (bsc#1184351)
o switch to www group for satellite logs (bsc#1185097)
o Fail traditional errata and package actions when they act on retracted
items
o Add advisory_status to reposync and ISS
o Add minrate/timeout configuration values for downloading DEB/RPM packages

spacewalk-branding:

o Add the CSS class for retracted errata/packages

spacewalk-certs-tools:

o Add support of DISABLE_LOCAL_REPOS=0 for salt minions (bsc#1185568)
o Add missing environment variable SALT_RUNNING for pkg module to the minion
configuration
o Fix typo: activaion -> activation

spacewalk-java:

o Change Prometheus exporters formula data schema to make it more generic and
extendable
o Do not require advisory_status to be set in ErrataHandler.create (bsc#
1185965)
o Speed up pages to compare or add packages to channels (bsc#1178767)
o Bugfix: Remove the unneeded check that was stopping updating a virtual
instance type (bsc#1180673)
o Exclude minions from the list of locally-managed/sandbox systems when
copying config files (bsc#1184940)
o Lower case fqdn comparation when calculating minion connection path (bsc#
1184849)
o Bugfix: Retracted Patches: Filter minion correctly when executing package
install (bsc#1184929)
o Implement retracted patches
o For a SUSE system get metadata and package from same source (bsc#1184475)
o Check if the directory exists prior to modular data cleanup (bsc#1184311)
o Assign right base product for res8 (bsc#1184005)
o Fix docs link in my organization configuration (bsc#1184286)
o Only update the kickstart path in cobbler if necessary (bsc#1175216)

spacewalk-utils:

o Bugfix for ubuntu-18.04 repo urls: multiverse, restricted and backports
o Add multiverse, restricted and backports to Ubuntu 16.04, 18.04 and 20.04

spacewalk-web:

o Upgrade react-select to 4.3.0 and lodash to 4.17.21
o Show the info about unsynced patches in the Content Lifecycle Management
screens

susemanager:

o Add bootstrap repo data for SUSE Manager 4.1 Proxy
o Require gio-branding-SLE for SLE15 but not for openSUSE Leap 15
o Add bootstrap repo data for OES2018-SP3-x86_64 (bsc#1183845)
o Enable bootstrap repository creation for openSUSE Leap 15.3 for Uyuni
o Add python3-distro to RES8, SLE15, Ubuntu20.04 and Debian 10 bootstrap
repositories to fix bootstrapping issues (bsc#1184332)
o Add python3-pycryptodome to Ubuntu and Debian 10 bootstrap repos (bsc#
1186346)
o Add gnupg and its dependencies to debian 10 bootstrap repo

susemanager-build-keys:

o Add SUSE Linux Enterprise 15-SP3 Updates for openSUSE Leap 15.3 key (bsc#
1186852)

susemanager-doc-indexes:

o Adds additional dependencies for Debian client registration in Client
Configuration Guide (bsc#1183649)
o Remove some openSUSE Leap 15.1 references
o Add reposync configuration settings to Troubleshooting chapter of the
Administration Guide
o Update the entry about module.run for SAP Guide

susemanager-docs_en:

o Adds additional dependencies for Debian client registration in Client
Configuration Guide (bsc#1183649)
o Remove some openSUSE Leap 15.1 references
o Add reposync configuration settings to Troubleshooting chapter of the
Administration Guide
o Update the entry about module.run for SAP Guide

susemanager-schema:

o DB schema & migrations for retracted patches

susemanager-sls:

o Exclude openSUSE Leap 15.3 from product installation (bsc#1186858)
o Enable certificate deployment for Leap 15.3 clients which is needed for
bootstrapping (bsc#1186765)
o Do not install python2-salt on Salt 3002.2 Docker build hosts (bsc#1185506)
o Add support for ‘disable_local_repos’ salt minion config parameter(bsc#
1185568)
o Fix insecure JMX configuration (bsc#1184617)
o Avoid conflicts with running ioloop on mgr_events engine (bsc#1172711)
o Keep salt-minion when it is installed to prevent update problems with
dependend packages not available in the bootstrap repo (bsc#1183573)
o Fix installation of gnupg on Debian 10

susemanager-sync-data:

o Add OES2018 SP3 (bsc#1183845)

tika-core:

o New upstream version 1.26. * Infinite loop in the MP3Parser (bsc#1184892
CVE-2021-28657) * Out of memory error while loading a file in PDFBox before
2.0.23. * Infinite loop while loading a file in PDFBox before 2.0.23. *
System.exit vulnerability in Tika’s OneNote Parser; out of memory errors
and/or infinite loops in Tika’s ICNSParser, MP3Parser, MP4Parser,
SAS7BDATParser, OneNoteParser and ImageParser. * Excessive memory usage
(DoS) vulnerability in Apache Tika’s PSDParser * Infinite Loop (DoS)
vulnerability in Apache Tika’s PSDParser

uyuni-common-libs:

o Maintainer field in debian packages are only recommended (bsc#1186508)

How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
service: `spacewalk-service stop` 3. Apply the patch using either zypper patch
or YaST Online Update. 4. Start the Spacewalk service: `spacewalk-service start
`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:

o SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-2098=1

Package List:

o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x
x86_64):
golang-github-prometheus-node_exporter-1.1.2-3.6.5
patterns-suma_retail-4.1-6.9.2
patterns-suma_server-4.1-6.9.2
python3-uyuni-common-libs-4.1.8-3.9.1
spacewalk-branding-4.1.12-3.12.2
susemanager-4.1.26-3.25.1
susemanager-tools-4.1.26-3.25.1
o SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
cobbler-3.0.0+git20190806.32c4bae0-5.11.1
grafana-formula-0.4.1-3.9.2
prometheus-exporters-formula-0.9.1-3.22.1
py26-compat-salt-2016.11.10-6.14.2
py27-compat-salt-3000.3-6.3.2
python3-spacewalk-certs-tools-4.1.17-3.17.2
spacewalk-admin-4.1.9-3.12.2
spacewalk-backend-4.1.25-4.32.6
spacewalk-backend-app-4.1.25-4.32.6
spacewalk-backend-applet-4.1.25-4.32.6
spacewalk-backend-config-files-4.1.25-4.32.6
spacewalk-backend-config-files-common-4.1.25-4.32.6
spacewalk-backend-config-files-tool-4.1.25-4.32.6
spacewalk-backend-iss-4.1.25-4.32.6
spacewalk-backend-iss-export-4.1.25-4.32.6
spacewalk-backend-package-push-server-4.1.25-4.32.6
spacewalk-backend-server-4.1.25-4.32.6
spacewalk-backend-sql-4.1.25-4.32.6
spacewalk-backend-sql-postgresql-4.1.25-4.32.6
spacewalk-backend-tools-4.1.25-4.32.6
spacewalk-backend-xml-export-libs-4.1.25-4.32.6
spacewalk-backend-xmlrpc-4.1.25-4.32.6
spacewalk-base-4.1.26-3.24.8
spacewalk-base-minimal-4.1.26-3.24.8
spacewalk-base-minimal-config-4.1.26-3.24.8
spacewalk-certs-tools-4.1.17-3.17.2
spacewalk-html-4.1.26-3.24.8
spacewalk-java-4.1.36-3.44.1
spacewalk-java-config-4.1.36-3.44.1
spacewalk-java-lib-4.1.36-3.44.1
spacewalk-java-postgresql-4.1.36-3.44.1
spacewalk-taskomatic-4.1.36-3.44.1
spacewalk-utils-4.1.16-3.18.2
spacewalk-utils-extras-4.1.16-3.18.2
susemanager-build-keys-15.2.4-3.17.1
susemanager-build-keys-web-15.2.4-3.17.1
susemanager-doc-indexes-4.1-11.34.8
susemanager-docs_en-4.1-11.34.2
susemanager-docs_en-pdf-4.1-11.34.2
susemanager-schema-4.1.21-3.30.6
susemanager-sls-4.1.28-3.42.1
susemanager-sync-data-4.1.14-3.23.2
susemanager-web-libs-4.1.26-3.24.8
tika-core-1.26-3.5.2
uyuni-config-modules-4.1.28-3.42.1

References:

o https://www.suse.com/security/cve/CVE-2021-28657.html
o https://www.suse.com/security/cve/CVE-2021-31607.html
o https://bugzilla.suse.com/1151558
o https://bugzilla.suse.com/1172711
o https://bugzilla.suse.com/1175216
o https://bugzilla.suse.com/1178767
o https://bugzilla.suse.com/1180673
o https://bugzilla.suse.com/1182744
o https://bugzilla.suse.com/1183573
o https://bugzilla.suse.com/1183649
o https://bugzilla.suse.com/1183845
o https://bugzilla.suse.com/1183864
o https://bugzilla.suse.com/1184005
o https://bugzilla.suse.com/1184286
o https://bugzilla.suse.com/1184311
o https://bugzilla.suse.com/1184332
o https://bugzilla.suse.com/1184351
o https://bugzilla.suse.com/1184361
o https://bugzilla.suse.com/1184471
o https://bugzilla.suse.com/1184475
o https://bugzilla.suse.com/1184561
o https://bugzilla.suse.com/1184617
o https://bugzilla.suse.com/1184849
o https://bugzilla.suse.com/1184892
o https://bugzilla.suse.com/1184929
o https://bugzilla.suse.com/1184940
o https://bugzilla.suse.com/1185042
o https://bugzilla.suse.com/1185097
o https://bugzilla.suse.com/1185281
o https://bugzilla.suse.com/1185506
o https://bugzilla.suse.com/1185568
o https://bugzilla.suse.com/1185965
o https://bugzilla.suse.com/1186025
o https://bugzilla.suse.com/1186124
o https://bugzilla.suse.com/1186346
o https://bugzilla.suse.com/1186508
o https://bugzilla.suse.com/1186765
o https://bugzilla.suse.com/1186852
o https://bugzilla.suse.com/1186858

– ————————–END INCLUDED TEXT——————–

You have received this e-mail bulletin as a result of your organisation’s
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT’s members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation’s
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author’s website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
—–BEGIN PGP SIGNATURE—–
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBYNEzJuNLKJtyKPYoAQj5qxAAsgfO/HBu1O3yb6Q9D4S7kKEKlKONhf2a
TX65reYeI4n2rAanDrLig9NZSYKXEfCY0UrLZHF73E60lPRlq2+fmqTf4B7X3JEZ
lvu7uC4Fi6DgSGQkErieHOiuUhQDaFfxbOG3AIHvkhqohWQdVBFxAqWlf+ubkTNI
l6nkFGjxCkJcW2YyxeB2IGZDsuvizXP9vh2n/ePttArAdjnIztghTWWrGvZPnfH9
RznpCWfQswX1JPXdgCexbH3U3njrVbXwdK093QE++86BJiUxhloNgOLFuicxlrwK
6zcfXBfiSKy4vpCy277wwltjLlLy0xSkYq9oiFyWC6gOoPAgg7n3xz4jZ/zLWkF0
WNz2HYrpzIu4+/n8ZqcZ0ssDnSVlzJwmQFUn6OBZFcEZC2jVOoFrMGxjFRnrChz1
/RqmWLxUmf9Ht8ABISqlyXTC75CwDaob+eZMNzV7wPaxPp/C0utvfs78788FRQKD
byiTsSavvcSCH/6/aHxHjXNCN1QCpR3i+YKw0ILdSuttCaOUkyrShipBzbKZLbUn
iE/oGRQ1B7v/VsEfrKTVbmmaf5fuI/64XFYw9fthWRQ14hkSzPS9UV6MiK607AVx
QP8Sv6PGoByI5E1jOGMa20GFBt+3oWT400sp688d9GjF0lXmF362yjXL3izjod7o
BdqgNZsWCIY=
=dzm7
—–END PGP SIGNATURE—–

Read More

The post ESB-2021.2197 – SUSE Manager Client and Server Tools: Multiple vulnerabilities appeared first on Malware Devil.



https://malwaredevil.com/2021/06/22/esb-2021-2197-suse-manager-client-and-server-tools-multiple-vulnerabilities/?utm_source=rss&utm_medium=rss&utm_campaign=esb-2021-2197-suse-manager-client-and-server-tools-multiple-vulnerabilities

No comments:

Post a Comment

Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...