Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE Manager Server 3.1: 2018:3811-1 Moderate: Auth Bypass & Traversal Fix

suse
Calendar Grey November 19, 2018
Dist Suse Esm H88
An updated security patch for SUSE Manager Server 3.1 has been released to address vulnerabilities concerning authentication bypass and directory traversal.
An update that solves two vulnerabilities and has 33 fixes is now available

Summary

This update includes the following new features: - Add support for postgresql 10 (fate#325659) This update fixes the following issues: py26-compat-salt: - Update Salt version to 2016.11.10 - CVE-2018-15750: Fixed directory traversal vulnerability in salt-api (bsc#1113698). - CVE-2018-15751: Fixed remote authentication bypass in salt-api(netapi) that allows to execute arbitrary commands (bsc#1113699). - Fix wrong recurse behavior on for linux_acl.present (bsc#1106164) - Adding backport for string arg normalization and fix for SUSE ES os - Prepend current directory when path is just filename (bsc#1095942) smdba: - Add support for postgresql 10 (fate#325659) spacecmd: - Show group id on group_details (bsc#1111542) - State channels handling: Existing commands configchannel_create and

References

#1034030 #1037389 #1042184 #1080474 #1090676

#1094524 #1094992 #1095220 #1095942 #1095972

#1096511 #1098970 #1099857 #1100852 #1101033

#1104120 #1104487 #1105045 #1105074 #1105720

#1105724 #1105886 #1106164 #1106875 #1107117

#1107302 #1107850 #1107869 #1109235 #1111249

#1111542 #1112163 #1113557 #1113698 #1113699

Cross- CVE-2017-14695 CVE-2017-14696

Affected Products:

SUSE Manager Server 3.1

https://www.suse.com/security/cve/CVE-2017-14695.html

https://www.suse.com/security/cve/CVE-2017-14696.html

https://bugzilla.suse.com/1034030

https://bugzilla.suse.com/1037389

https://bugzilla.suse.com/1042184

https://bugzilla.suse.com/1080474

https://bugzilla.suse.com/1090676

https://bugzilla.suse.com/1094524

https://bugzilla.suse.com/1094992

Announcement ID: SUSE-SU-2018:3811-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.