SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:14404-1
Rating: moderate
References: #1159284 #1165572 #1168340 #1169604 #1169800
#1170104 #1170288 #1170595 #1171687 #1171906
#1172075 #1173072
Cross-References: CVE-2020-11651 CVE-2020-11652
Affected Products:
SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
______________________________________________________________________________
An update that solves two vulnerabilities and has 10 fixes
is now available.
Description:
This update fixes the following issues:
salt:
- Require python3-distro only for TW (bsc#1173072)
- Various virt backports from 3000.2
- Avoid traceback on debug logging for swarm module (bsc#1172075)
- Add publish_batch to ClearFuncs exposed methods
- Zypperpkg: filter patterns that start with dot (bsc#1171906)
- Batch mode now also correctly provides return value (bsc#1168340)
- Add docker.logout to docker execution module (bsc#1165572)
- Testsuite fix
- Add option to enable/disable force refresh for zypper
- Python3.8 compatibility changes
- Prevent sporious "salt-api" stuck processes when managing SSH minions
because of logging deadlock (bsc#1159284)
- Avoid segfault from "salt-api" under certain conditions of heavy load
managing SSH minions (bsc#1169604)
- Revert broken changes to slspath made on Salt 3000
(saltstack/salt#56341) (bsc#1170104)
- Returns a the list of IPs filtered by the optional network list
- Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595)
- Do not require vendored backports-abc (bsc#1170288)
- Fix partition.mkpart to work without fstype (bsc#1169800)
spacecmd:
- Only report real error, not result (bsc#1171687)
- Use defined return values for spacecmd methods so scripts can check for
failure (bsc#1171687)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA:
zypper in -t patch suse-ubu164ct-client-tools-beta-202006-14404=1
Package List:
- SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all):
salt-common-3000+ds-1+9.17.1
salt-minion-3000+ds-1+9.17.1
spacecmd-4.1.4-2.9.4
References:
https://www.suse.com/security/cve/CVE-2020-11651.html
https://www.suse.com/security/cve/CVE-2020-11652.html
https://bugzilla.suse.com/1159284
https://bugzilla.suse.com/1165572
https://bugzilla.suse.com/1168340
https://bugzilla.suse.com/1169604
https://bugzilla.suse.com/1169800
https://bugzilla.suse.com/1170104
https://bugzilla.suse.com/1170288
https://bugzilla.suse.com/1170595
https://bugzilla.suse.com/1171687
https://bugzilla.suse.com/1171906
https://bugzilla.suse.com/1172075
https://bugzilla.suse.com/1173072
_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates
SUSE: 2020:14404-1 moderate: Security Beta SUSE Manager Client Tools
June 23, 2020
An update that solves two vulnerabilities and has 10 fixes is now available
Summary
This update fixes the following issues: salt: - Require python3-distro only for TW (bsc#1173072) - Various virt backports from 3000.2 - Avoid traceback on debug logging for swarm module (bsc#1172075) - Add publish_batch to ClearFuncs exposed methods - Zypperpkg: filter patterns that start with dot (bsc#1171906) - Batch mode now also correctly provides return value (bsc#1168340) - Add docker.logout to docker execution module (bsc#1165572) - Testsuite fix - Add option to enable/disable force refresh for zypper - Python3.8 compatibility changes - Prevent sporious "salt-api" stuck processes when managing SSH minions because of logging deadlock (bsc#1159284) - Avoid segfault from "salt-api" under certain conditions of heavy load managing SSH minions (bsc#1169604) - Revert broken changes to slspath made on Salt 3000 (saltstack/salt#56341) (bsc#1170104) - Returns a the list of IPs filtered by the optional network list - Fix CVE-2020-11651 and CVE-2020-11652 (bsc#1170595) - Do not require vendored backports-abc (bsc#1170288) - Fix partition.mkpart to work without fstype (bsc#1169800) spacecmd: - Only report real error, not result (bsc#1171687) - Use defined return values for spacecmd methods so scripts can check for failure (bsc#1171687) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA: zypper in -t patch suse-ubu164ct-client-tools-beta-202006-14404=1 Package List: - SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA (all): salt-common-3000+ds-1+9.17.1 salt-minion-3000+ds-1+9.17.1 spacecmd-4.1.4-2.9.4
References
#1159284 #1165572 #1168340 #1169604 #1169800
#1170104 #1170288 #1170595 #1171687 #1171906
#1172075 #1173072
Cross- CVE-2020-11651 CVE-2020-11652
Affected Products:
SUSE Manager Ubuntu 16.04-CLIENT-TOOLS-BETA
https://www.suse.com/security/cve/CVE-2020-11651.html
https://www.suse.com/security/cve/CVE-2020-11652.html
https://bugzilla.suse.com/1159284
https://bugzilla.suse.com/1165572
https://bugzilla.suse.com/1168340
https://bugzilla.suse.com/1169604
https://bugzilla.suse.com/1169800
https://bugzilla.suse.com/1170104
https://bugzilla.suse.com/1170288
https://bugzilla.suse.com/1170595
https://bugzilla.suse.com/1171687
https://bugzilla.suse.com/1171906
https://bugzilla.suse.com/1172075
https://bugzilla.suse.com/1173072
Severity
Announcement ID: SUSE-SU-2020:14404-1
Rating: moderate
News
HOWTOs
About Us
Powered By
