Alerts This Week
Warning Icon 1 692
Alerts This Week
Warning Icon 1 692

SUSE Linux Enterprise Module for CAP 15: SUSE-SU-2019:1220-1 Moderate

suse
Calendar Grey May 13, 2019
Dist Suse Esm H88
SUSE has released a security update that mitigates a moderate risk vulnerability in cf-cli, improving overall security and resolving numerous bugs.
An update that fixes one vulnerability is now available

Summary

This update for cf-cli fixes the following issues: cf-cli was updated: to version 6.43.0 (bsc#1132242) Enhancements : - `cf curl` supports a new `--fail` flag (primarily for scripting purposes) which returns exit code `22` for server errors [story]() - Improves `cf delete-orphaned-routes` such that it uses a different endpoint, reducing the chance of a race condition when two users are simultaneously deleting orphaned routes and associating routes with applications [story]() - we've improved the speed of cf services - it now hits a single endpoint instead of making individual API calls Security: - CVE-2019-3781: CF CLI does not sanitize user’s password in verbose/trace/debug. - Fixes issue with running cf login in verbose mode whereby passwords which contains regex were not completely redacted

Topics%20covered

Topics Covered

security advisory moderate update SUSE cf-cli user password issue service authentication

References

#1132242

Cross- CVE-2019-3781

Affected Products:

SUSE Linux Enterprise Module for CAP 15

https://www.suse.com/security/cve/CVE-2019-3781.html

https://bugzilla.suse.com/1132242

Announcement ID: SUSE-SU-2019:1220-1
Rating: moderate

Topics%20covered

Topics Covered

security advisory moderate update SUSE cf-cli user password issue service authentication

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here