Description
Security update for SUSE Manager Client Tools
This update fixes the following issues:
cobbler:
- Fix parsing cobbler dictionary options with values containing '=', e.g. kernel params containing '=' (bsc#1176978)
mgr-daemon:
- Update translation strings
salt:
- Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)
spacecmd:
- Python3 fixes for errata in spacecmd (bsc#1169664)
- Added support for i18n of user-facing strings
- Python3 fix for sorted usage (bsc#1167907)
spacewalk-client-tools:
- Remove RH references in Python/Ruby localization and use the product name instead
Package list
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS
koan-2.2.2-0.68.12.1
mgr-daemon-4.1.3-5.20.1
python2-spacewalk-check-4.1.7-27.38.1
python2-spacewalk-client-setup-4.1.7-27.38.1
python2-spacewalk-client-tools-4.1.7-27.38.1
salt-2016.11.10-43.63.1
salt-doc-2016.11.10-43.63.1
salt-minion-2016.11.10-43.63.1
spacecmd-4.1.8-18.72.1
spacewalk-check-4.1.7-27.38.1
spacewalk-client-setup-4.1.7-27.38.1
spacewalk-client-tools-4.1.7-27.38.1
SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS
koan-2.2.2-0.68.12.1
mgr-daemon-4.1.3-5.20.1
python2-spacewalk-check-4.1.7-27.38.1
python2-spacewalk-client-setup-4.1.7-27.38.1
python2-spacewalk-client-tools-4.1.7-27.38.1
salt-2016.11.10-43.63.1
salt-doc-2016.11.10-43.63.1
salt-minion-2016.11.10-43.63.1
spacecmd-4.1.8-18.72.1
spacewalk-check-4.1.7-27.38.1
spacewalk-client-setup-4.1.7-27.38.1
spacewalk-client-tools-4.1.7-27.38.1
References
- Link for SUSE-SU-2020:14538-1
- E-Mail link for SUSE-SU-2020:14538-1
- SUSE Security Ratings
- SUSE Bug 1167907
- SUSE Bug 1169664
- SUSE Bug 1176978
- SUSE Bug 1178319
- SUSE Bug 1178361
- SUSE Bug 1178362
- SUSE CVE CVE-2020-16846 page
- SUSE CVE CVE-2020-17490 page
- SUSE CVE CVE-2020-25592 page
Description
An issue was discovered in SaltStack Salt through 3002. Sending crafted web requests to the Salt API, with the SSH client enabled, can result in shell injection.
Affected products
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.12.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:mgr-daemon-4.1.3-5.20.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-check-4.1.7-27.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-client-setup-4.1.7-27.38.1
References
- CVE-2020-16846
- SUSE Bug 1178361
Description
The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions.
Affected products
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.12.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:mgr-daemon-4.1.3-5.20.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-check-4.1.7-27.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-client-setup-4.1.7-27.38.1
References
- CVE-2020-17490
- SUSE Bug 1178362
Description
In SaltStack Salt through 3002, salt-netapi improperly validates eauth credentials and tokens. A user can bypass authentication and invoke Salt SSH.
Affected products
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:koan-2.2.2-0.68.12.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:mgr-daemon-4.1.3-5.20.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-check-4.1.7-27.38.1
SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python2-spacewalk-client-setup-4.1.7-27.38.1
References
- CVE-2020-25592
- SUSE Bug 1178319