openSUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:2675-1
Rating:             moderate
References:         #1175478 #1186242 #1186508 #1186581 #1186650 
                    #1188846 SLE-18254 
Cross-References:   CVE-2021-27962 CVE-2021-28146 CVE-2021-28147
                    CVE-2021-28148 CVE-2021-29622
CVSS scores:
                    CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
                    CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
                    CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

   An update that solves 5 vulnerabilities, contains one
   feature and has one errata is now available.

Description:


   This update fixes the following issues:

   ansible:

   - The support level for ansible is l2, not l3

   dracut-saltboot:

   - Force installation of libexpat.so.1 (bsc#1188846)
   - Use kernel parameters from PXE formula also for local boot

   golang-github-prometheus-prometheus:

   - Provide and reload firewalld configuration only for:
     + openSUSE Leap 15.0, 15.1, 15.2
     + SUSE Linux Enterprise 15, 15 SP1, 15 SP2
   - Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
     + Bugfix:
      * SECURITY: Fix arbitrary redirects under the /new endpoint
        (CVE-2021-29622, bsc#1186242)
      * UI: Provide errors instead of blank page on TSDB Status Page. #8654
        #8659
       * TSDB: Do not panic when writing very large records to the WAL. #8790
       * TSDB: Avoid panic when mmaped memory is referenced after the file is
         closed. #8723
       * Scaleway Discovery: Fix nil pointer dereference. #8737
       * Consul Discovery: Restart no longer required after config update
         with no targets. #8766
     + Features:
       * Promtool: Retroactive rule evaluation functionality.
       * Configuration: Environment variable expansion for external labels.
         Behind '--enable-feature=expand-external-labels' flag.
       * Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control
         the max chunks file size of the blocks for small Prometheus
         instances.
       * UI: Add a dark theme.
       * AWS Lightsail Discovery: Add AWS Lightsail Discovery.
       * Docker Discovery: Add Docker Service Discovery.
       * OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
       * Remote Write: Send exemplars via remote write. Experimental and
         disabled by default.
     + Enhancements:
       * Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
       * Scaleway Discovery: Read Scaleway secret from a file.
       * Scrape: Add configurable limits for label size and count.
       * UI: Add 16w and 26w time range steps.
       * Templating: Enable parsing strings in humanize functions.
   - Update package with changes from `server:monitoring` (bsc#1175478) Left
     out removal of 'firewalld' related configuration files as SUSE Linux
     Enterprise 15-SP1's `firewalld` package does not contain 'prometheus'
     configuration yet.

   mgr-cfg:

   - No visible impact for the user

   mgr-custom-info:

   - No visible impact for the user

   mgr-osad:

   - No visible impact for the user

   mgr-push:

   - No visible impact for the user

   mgr-virtualization:

   - No visible impact for the user

   rhnlib:

   - No visible impact for the user

   spacecmd:

   - Make spacecmd aware of retracted patches/packages
   - Enhance help for installation types when creating distributions
     (bsc#1186581)
   - Parse empty argument when nothing in between the separator

   spacewalk-client-tools:

   - Update translation strings

   spacewalk-koan:

   - Fix for spacewalk-koan tests after switching to the new Docker images

   spacewalk-oscap:

   - No visible impact for the user

   suseRegisterInfo:

   - No visible impact for the user

   uyuni-common-libs:

   - Handle broken RPM packages to prevent exceptions causing fails on
     repository synchronization (bsc#1186650)
   - Maintainer field in debian packages are only recommended (bsc#1186508)


Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-2675=1



Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      python2-uyuni-common-libs-4.2.5-1.15.1
      python3-uyuni-common-libs-4.2.5-1.15.1

   - openSUSE Leap 15.3 (noarch):

      ansible-2.9.21-1.5.1
      ansible-doc-2.9.21-1.5.1
      ansible-test-2.9.21-1.5.1
      dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1
      mgr-cfg-4.2.3-1.18.1
      mgr-cfg-actions-4.2.3-1.18.1
      mgr-cfg-client-4.2.3-1.18.1
      mgr-cfg-management-4.2.3-1.18.1
      mgr-custom-info-4.2.2-1.12.1
      mgr-osa-dispatcher-4.2.6-1.30.1
      mgr-osad-4.2.6-1.30.1
      mgr-push-4.2.3-1.12.1
      mgr-virtualization-host-4.2.2-1.20.1
      python2-mgr-cfg-4.2.3-1.18.1
      python2-mgr-cfg-actions-4.2.3-1.18.1
      python2-mgr-cfg-client-4.2.3-1.18.1
      python2-mgr-cfg-management-4.2.3-1.18.1
      python2-mgr-osa-common-4.2.6-1.30.1
      python2-mgr-osa-dispatcher-4.2.6-1.30.1
      python2-mgr-osad-4.2.6-1.30.1
      python2-mgr-push-4.2.3-1.12.1
      python2-mgr-virtualization-common-4.2.2-1.20.1
      python2-mgr-virtualization-host-4.2.2-1.20.1
      python2-rhnlib-4.2.4-3.28.1
      python2-spacewalk-check-4.2.12-3.44.1
      python2-spacewalk-client-setup-4.2.12-3.44.1
      python2-spacewalk-client-tools-4.2.12-3.44.1
      python2-spacewalk-koan-4.2.4-3.21.1
      python2-spacewalk-oscap-4.2.2-3.12.1
      python2-suseRegisterInfo-4.2.4-3.15.1
      python3-mgr-cfg-4.2.3-1.18.1
      python3-mgr-cfg-actions-4.2.3-1.18.1
      python3-mgr-cfg-client-4.2.3-1.18.1
      python3-mgr-cfg-management-4.2.3-1.18.1
      python3-mgr-osa-common-4.2.6-1.30.1
      python3-mgr-osa-dispatcher-4.2.6-1.30.1
      python3-mgr-osad-4.2.6-1.30.1
      python3-mgr-push-4.2.3-1.12.1
      python3-mgr-virtualization-common-4.2.2-1.20.1
      python3-mgr-virtualization-host-4.2.2-1.20.1
      python3-rhnlib-4.2.4-3.28.1
      python3-spacewalk-check-4.2.12-3.44.1
      python3-spacewalk-client-setup-4.2.12-3.44.1
      python3-spacewalk-client-tools-4.2.12-3.44.1
      python3-spacewalk-koan-4.2.4-3.21.1
      python3-spacewalk-oscap-4.2.2-3.12.1
      python3-suseRegisterInfo-4.2.4-3.15.1
      spacecmd-4.2.11-3.62.1
      spacewalk-check-4.2.12-3.44.1
      spacewalk-client-setup-4.2.12-3.44.1
      spacewalk-client-tools-4.2.12-3.44.1
      spacewalk-koan-4.2.4-3.21.1
      spacewalk-oscap-4.2.2-3.12.1
      suseRegisterInfo-4.2.4-3.15.1


References:

   https://www.suse.com/security/cve/CVE-2021-27962.html
   https://www.suse.com/security/cve/CVE-2021-28146.html
   https://www.suse.com/security/cve/CVE-2021-28147.html
   https://www.suse.com/security/cve/CVE-2021-28148.html
   https://www.suse.com/security/cve/CVE-2021-29622.html
   https://bugzilla.suse.com/1175478
   https://bugzilla.suse.com/1186242
   https://bugzilla.suse.com/1186508
   https://bugzilla.suse.com/1186581
   https://bugzilla.suse.com/1186650
   https://bugzilla.suse.com/1188846