Описание
Important security update for SUSE Manager Client Tools
This update fixes the following issues:
ansible:
- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
- CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
- CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
- ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
- Update to 2.9.22:
- CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
- CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
- CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values
- CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
- CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module
dracut-saltboot:
- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
- Update dracut-saltboot dependencies (bsc#1200970)
- Fix network loading when ipappend is used in pxe config
- Add new information messages
golang-github-QubitProducts-exporter_exporter:
- Remove license file from %doc
mgr-daemon:
- Version 4.3.5-1
- Update translation strings
mgr-virtualization:
- Version 4.3.6-1
- Report all VMs in poller, not only running ones (bsc#1199528)
prometheus-blackbox_exporter:
- Exclude s390 arch
python-hwdata:
- Declare the LICENSE file as license and not doc
spacecmd:
- Version 4.3.14-1
- Fix missing argument on system_listmigrationtargets (bsc#1201003)
- Show correct help on calling kickstart_importjson with no arguments
- Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
- Change proxy container config default filename to end with tar.gz
- Update translation strings
spacewalk-client-tools:
- Version 4.3.11-1
- Update translation strings
uyuni-common-libs:
- Version 4.3.5-1
- Fix reposync issue about 'rpm.hdr' object has no attribute 'get'
uyuni-proxy-systemd-services:
- Version 4.3.6-1
- Expose port 80 (bsc#1200142)
- Use volumes rather than bind mounts
- TFTPD to listen on udp port (bsc#1200968)
- Add TAG variable in configuration
- Fix containers namespaces in configuration
zypp-plugin-spacewalk:
- 1.0.13
- Log in before listing channels. (bsc#1197963, bsc#1193585)
Список пакетов
Container suse/manager/4.3/proxy-httpd:latest
Container suse/manager/5.0/x86_64/proxy-httpd:latest
Container suse/manager/5.0/x86_64/server:latest
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Proxy-BYOS-GCE
Image SLES15-SP3-Manager-4-2-Server-BYOS-Azure
Image SLES15-SP3-Manager-4-2-Server-BYOS-EC2-HVM
Image SLES15-SP3-Manager-4-2-Server-BYOS-GCE
Image SLES15-SP4-Manager-Proxy-4-3-BYOS
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Proxy-4-3-BYOS-GCE
Image SLES15-SP4-Manager-Server-4-3
Image SLES15-SP4-Manager-Server-4-3-Azure-llc
Image SLES15-SP4-Manager-Server-4-3-Azure-ltd
Image SLES15-SP4-Manager-Server-4-3-BYOS
Image SLES15-SP4-Manager-Server-4-3-BYOS-Azure
Image SLES15-SP4-Manager-Server-4-3-BYOS-EC2
Image SLES15-SP4-Manager-Server-4-3-BYOS-GCE
Image SLES15-SP4-Manager-Server-4-3-EC2-llc
Image SLES15-SP4-Manager-Server-4-3-EC2-ltd
Image proxy-httpd-image
Image server-image
SUSE Linux Enterprise High Performance Computing 15-ESPOS
SUSE Linux Enterprise High Performance Computing 15-LTSS
SUSE Linux Enterprise Server 15-LTSS
SUSE Linux Enterprise Server for SAP Applications 15
SUSE Manager Client Tools 15
SUSE Manager Proxy Module 4.1
SUSE Manager Proxy Module 4.2
SUSE Manager Proxy Module 4.3
SUSE Manager Server Module 4.1
SUSE Manager Server Module 4.2
SUSE Manager Server Module 4.3
openSUSE Leap 15.3
openSUSE Leap 15.4
Ссылки
- Link for SUSE-SU-2022:3178-1
- E-Mail link for SUSE-SU-2022:3178-1
- SUSE Security Ratings
- SUSE Bug 1176460
- SUSE Bug 1180816
- SUSE Bug 1180942
- SUSE Bug 1181119
- SUSE Bug 1181935
- SUSE Bug 1183684
- SUSE Bug 1187725
- SUSE Bug 1188061
- SUSE Bug 1193585
- SUSE Bug 1197963
- SUSE Bug 1199528
- SUSE Bug 1200142
- SUSE Bug 1200591
- SUSE Bug 1200968
- SUSE Bug 1200970
- SUSE Bug 1201003
- SUSE Bug 1202614
Описание
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Затронутые продукты
Ссылки
- CVE-2021-20178
- SUSE Bug 1180816
- SUSE Bug 1186493
Описание
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.
Затронутые продукты
Ссылки
- CVE-2021-20180
- SUSE Bug 1180942
Описание
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.
Затронутые продукты
Ссылки
- CVE-2021-20191
- SUSE Bug 1181119
- SUSE Bug 1181935
Описание
A flaw was found in the Ansible Engine 2.9.18, where sensitive info is not masked by default and is not protected by the no_log feature when using the sub-option feature of the basic.py module. This flaw allows an attacker to obtain sensitive information. The highest threat from this vulnerability is to confidentiality.
Затронутые продукты
Ссылки
- CVE-2021-20228
- SUSE Bug 1181935
Описание
A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.
Затронутые продукты
Ссылки
- CVE-2021-3447
- SUSE Bug 1183684
Описание
A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.
Затронутые продукты
Ссылки
- CVE-2021-3583
- SUSE Bug 1188061
Описание
A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.
Затронутые продукты
Ссылки
- CVE-2021-3620
- SUSE Bug 1187725