openSUSE Security Update: Security update for SUSE Manager Client Tools

Announcement ID:    openSUSE-SU-2021:1162-1
Rating:             moderate
References:         #1175478 #1186242 #1186508 #1186581 #1186650 
                    #1188846 SLE-18254 
Cross-References:   CVE-2021-27962 CVE-2021-28146 CVE-2021-28147
                    CVE-2021-28148 CVE-2021-29622
CVSS scores:
                    CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
                    openSUSE Leap 15.2

   An update that solves 5 vulnerabilities, contains one
   feature and has one errata is now available.


   This update fixes the following issues:


   - The support level for ansible is l2, not l3


   - Force installation of (bsc#1188846)
   - Use kernel parameters from PXE formula also for local boot


   - Provide and reload firewalld configuration only for:
     + openSUSE Leap 15.0, 15.1, 15.2
     + SUSE Linux Enterprise 15, 15 SP1, 15 SP2
   - Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
     + Bugfix:
       * SECURITY: Fix arbitrary redirects under the /new endpoint
         (CVE-2021-29622, bsc#1186242)
       * UI: Provide errors instead of blank page on TSDB Status Page. #8654
       * TSDB: Do not panic when writing very large records to the WAL. #8790
       * TSDB: Avoid panic when mmaped memory is referenced after the file is
         closed. #8723
       * Scaleway Discovery: Fix nil pointer dereference. #8737
       * Consul Discovery: Restart no longer required after config update
         with no targets. #8766
     + Features:
       * Promtool: Retroactive rule evaluation functionality.
       * Configuration: Environment variable expansion for external labels.
         Behind '--enable-feature=expand-external-labels' flag.
       * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control
         the max chunks file size of the blocks for small Prometheus
       * UI: Add a dark theme.
       * AWS Lightsail Discovery: Add AWS Lightsail Discovery.
       * Docker Discovery: Add Docker Service Discovery.
       * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
       * Remote Write: Send exemplars via remote write. Experimental and
         disabled by default.
     + Enhancements:
       * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
       * Scaleway Discovery: Read Scaleway secret from a file.
       * Scrape: Add configurable limits for label size and count.
       * UI: Add 16w and 26w time range steps.
       * Templating: Enable parsing strings in humanize functions.
   - Update package with changes from `server:monitoring` (bsc#1175478).
     The removal of the 'firewalld' related configuration files was left
     out, as SUSE Linux Enterprise 15-SP1's `firewalld` package does not
     contain 'prometheus' configuration yet.


   - No visible impact for the user


   - No visible impact for the user


   - No visible impact for the user


   - No visible impact for the user


   - No visible impact for the user


   - No visible impact for the user


   - Make spacecmd aware of retracted patches/packages
   - Enhance help for installation types when creating distributions
   - Parse empty argument when nothing in between the separator


   - Update translation strings


   - Fix for spacewalk-koan tests after switching to the new Docker images


   - No visible impact for the user


   - No visible impact for the user


   - Handle broken RPM packages to prevent exceptions causing failures
     during repository synchronization (bsc#1186650)
   - The Maintainer field in Debian packages is only recommended (bsc#1186508)

   This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.2:

      zypper in -t patch openSUSE-2021-1162=1

Package List:

   - openSUSE Leap 15.2 (x86_64):


   - openSUSE Leap 15.2 (noarch):