SUSE-SU-2019:3393-1

Опубликовано: 30 дек. 2019

Источник: suse-cvrf

Описание

Security update for python-azure-agent

This update for python-azure-agent fixes the following issues:

Update to version 2.2.45 (jsc#ECO-80 bsc#1159639)

Add support for Gen2 VM resource disks
Use alternate systemd detection
Fix /proc/net/route requirement that causes errors on FreeBSD
Add cloud-init auto-detect to prevent multiple provisioning mechanisms from relying on configuration for coordination
Disable cgroups when daemon is setup incorrectly
Remove upgrade extension loop for the same goal state
Add container id for extension telemetry events
Be more exact when detecting IMDS service health
Changing add_event to start sending missing fields

Update to version 2.2.44:

Remove outdated extension ZIP packages
Improved error handling when starting extensions using systemd
Reduce provisioning time of some custom images
Improve the handling of extension download errors
New API for extension authors to handle errors during extension update
Fix handling of errors in calls to openssl
Improve logic to determine current distro
Reduce verbosity of several logging statements

Update to version 2.2.42:

Poll for artifact blob, addresses goal state procesing issue

Update to version 2.2.41:

Rewriting the mechanism to start the extension using systemd-run for systems using systemd for managing
Refactoring of resource monitoring framework using cgroup for both systemd and non-systemd approaches [#1530, #1534]
Telemetry pipeline for resource monitoring data

Update to version 2.2.40:

Fixed tracking of memory/cpu usage
Do not prevent extensions from running if setting up cgroups fails
Enable systemd-aware deprovisioning on all versions >= 18.04
Add systemd support for Debian Jessie, Stretch, and Buster
Support for Linux Openwrt

Update to version 2.2.38:

CVE-2019-0804: WALinuxAgent could be made to expose sensitive information. (bsc#1127838)
Add fixes for handling swap file and other nit fixes

Update to version 2.2.37:

Improves re-try logic to handle errors while downloading extensions

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15

python-azure-agent-2.2.45-7.9.1

Ссылки

https://www.suse.com/support/update/announcement/2019/suse-su-20193393-1/
Link for SUSE-SU-2019:3393-1
https://lists.suse.com/pipermail/sle-security-updates/2019-December/006295.html
E-Mail link for SUSE-SU-2019:3393-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1127838
SUSE Bug 1127838
https://bugzilla.suse.com/1159639
SUSE Bug 1159639
https://www.suse.com/security/cve/CVE-2019-0804/
SUSE CVE CVE-2019-0804 page
https://bugzilla.suse.com/ECO-80
SUSE Bug ECO-80

Описание

An information disclosure vulnerability exists in the way Azure WaLinuxAgent creates swap files on resource disks, aka 'Azure Linux Agent Information Disclosure Vulnerability'.

Затронутые продукты

SUSE Linux Enterprise Module for Public Cloud 15:python-azure-agent-2.2.45-7.9.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-0804.html
CVE-2019-0804
https://bugzilla.suse.com/1127838
SUSE Bug 1127838
https://bugzilla.suse.com/1152980
SUSE Bug 1152980

SUSE-SU-2019:3393-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Public Cloud 15

Ссылки

Уязвимость: CVE-2019-0804

Описание

Затронутые продукты

Ссылки