SUSE: 2020:14538-1 critical: SUSE Manager Client Tools
Summary
This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing "=", e.g. kernel params containing "=" (bsc#1176978) mgr-daemon: - Update translation strings salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) spacecmd: - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) spacewalk-client-tools: - Remove RH references in Python/Ruby localization and use the product name instead Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS: zypper in -t patch slesctsp4-client-tools-202010-14538=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS: zypper in -t patch slesctsp3-client-tools-202010-14538=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.12.1 mgr-daemon-4.1.3-5.20.1 mgr-daemon-debuginfo-4.1.3-5.20.1 mgr-daemon-debugsource-4.1.3-5.20.1 python2-spacewalk-check-4.1.7-27.38.1 python2-spacewalk-client-setup-4.1.7-27.38.1 python2-spacewalk-client-tools-4.1.7-27.38.1 salt-2016.11.10-43.63.1 salt-doc-2016.11.10-43.63.1 salt-minion-2016.11.10-43.63.1 spacecmd-4.1.8-18.72.1 spacewalk-check-4.1.7-27.38.1 spacewalk-client-setup-4.1.7-27.38.1 spacewalk-client-tools-4.1.7-27.38.1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.68.12.1 mgr-daemon-4.1.3-5.20.1 mgr-daemon-debuginfo-4.1.3-5.20.1 mgr-daemon-debugsource-4.1.3-5.20.1 python2-spacewalk-check-4.1.7-27.38.1 python2-spacewalk-client-setup-4.1.7-27.38.1 python2-spacewalk-client-tools-4.1.7-27.38.1 salt-2016.11.10-43.63.1 salt-doc-2016.11.10-43.63.1 salt-minion-2016.11.10-43.63.1 spacecmd-4.1.8-18.72.1 spacewalk-check-4.1.7-27.38.1 spacewalk-client-setup-4.1.7-27.38.1 spacewalk-client-tools-4.1.7-27.38.1
References
#1167907 #1169664 #1176978 #1178319 #1178361
#1178362
Cross- CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1176978
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362