Описание
Security update for terraform
This update for terraform fixes the following issues:
-
Updated terraform to version 0.13.4 (bsc#1177421)
- Many features, bug fixes, and enhancements were made during this update. Please refer to the terraform rpm changelog, for a full list of all changes.
-
The following terraform providers were updated:
- terraform-provider-aws
- terraform-provider-azurerm
- terraform-provider-external
- terraform-provider-google
- terraform-provider-helm
- terraform-provider-kubernetes
- terraform-provider-local
- terraform-provider-null
- terraform-provider-random
- terraform-provider-tls
Список пакетов
SUSE Linux Enterprise Module for Public Cloud 15 SP2
terraform-0.13.4-6.3.1
terraform-provider-aws-3.11.0-6.3.1
terraform-provider-azurerm-2.32.0-6.3.1
terraform-provider-external-2.0.0-6.3.1
terraform-provider-google-3.43.0-6.3.1
terraform-provider-helm-1.3.2-6.3.1
terraform-provider-kubernetes-1.13.2-6.3.1
terraform-provider-local-2.0.0-6.3.1
terraform-provider-null-3.0.0-6.3.1
terraform-provider-random-3.0.0-6.3.1
terraform-provider-tls-3.0.0-5.3.2
Ссылки
- Link for SUSE-SU-2021:0263-1
- E-Mail link for SUSE-SU-2021:0263-1
- SUSE Security Ratings
- SUSE Bug 1168921
- SUSE Bug 1170264
- SUSE Bug 1177421
- SUSE CVE CVE-2020-14039 page
Описание
In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete.
Затронутые продукты
SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-0.13.4-6.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-aws-3.11.0-6.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-azurerm-2.32.0-6.3.1
SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-external-2.0.0-6.3.1
Ссылки
- CVE-2020-14039
- SUSE Bug 1174191