SUSE: 2020:14570-1 moderate: Security Beta SUSE Manager Client Tools
Summary
This update fixes the following issues: cobbler: - Fix parsing cobbler dictionary options with values containing "=", e.g. kernel params containing "=" (bsc#1176978) golang-github-wrouesnel-postgres_exporter: - Enable package building for ppc64le mgr-cfg: - Update package version to 4.2.0 mgr-custom-info: - Update package version to 4.2.0 mgr-daemon: - Added quotes around %{_vendor} token for the if statements in spec file. - Fix removal of mgr-deamon with selinux enabled (bsc#1177928) - Updating translations from weblate - Remove duplicate languages and update translation strings mgr-osad: - Python fixes - Removal of RHEL5 - Move uyuni-base-common dependency from mgr-osad to mgr-osa-dispatcher (bsc#1174405) mgr-push: - Defined __python for python2. - Excluded RHEL8 for Python 2 build. mgr-virtualization: - Update package version to 4.2.0 rhnlib: - Update package version to 4.2.0 salt: - Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361) (CVE-2020-25592, CVE-2020-17490, CVE-2020-16846) spacecmd: - Update translations - Fix: make spacecmd build on Debian - Python3 fixes for errata in spacecmd (bsc#1169664) - Added support for i18n of user-facing strings - Python3 fix for sorted usage (bsc#1167907) - Fix softwarechannel_listlatestpackages throwing error on empty channels (bsc#1175889) - Add Service Pack migration operations (bsc#1173557) - Fix softwarechannel update for vendor channels (bsc#1172709) - Fix escaping of package names (bsc#1171281) spacewalk-client-tools: - Updated RHEL Python requirements. - Added quotes around %{_vendor}. - Remove RH references in Python/Ruby localization and use the product name instead - Updating translations from weblate - Remove duplicated languages and update translation strings spacewalk-koan: - Adjust ownership of some tests files to fix them - Fix for spacewalk-koan test spacewalk-oscap: - Update package version to 4.2.0 spacewalk-remote-utils: - Update package version to 4.2.0 supportutils-plugin-susemanager-client: - Remove checks for obsolete packages - Gather new configfiles - Add more important informations suseRegisterInfo: - Adapted for RHEL build. - Enhance RedHat product detection for CentOS and OracleLinux (bsc#1173584) uyuni-base: - Added RHEL8 compatibility. uyuni-common-libs: - Cleaning up unused Python 2 build leftovers. - Disabled debug package build. - Fix issues importing RPM packages with long RPM headers (bsc#1174965) zypp-plugin-spacewalk: - Support "allow vendor change" for dist upgrades Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA: zypper in -t patch slesctsp4-client-tools-beta-202012-14570=1 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA: zypper in -t patch slesctsp3-client-tools-beta-202012-14570=1 Package List: - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.72.9.3 libyaml-0-2-0.1.3-0.10.28.3.2 libzmq3-4.0.4-6.3.2 mgr-cfg-4.2.1-8.9.2 mgr-cfg-actions-4.2.1-8.9.2 mgr-cfg-client-4.2.1-8.9.2 mgr-cfg-management-4.2.1-8.9.2 mgr-custom-info-4.2.1-8.6.2 mgr-daemon-4.2.4-8.6.2 mgr-osad-4.2.2-8.9.3 mgr-push-4.2.2-8.6.2 mgr-virtualization-host-4.2.1-8.6.3 python-Jinja2-2.6-2.23.3.2 python-MarkupSafe-0.18-0.12.3.2 python-backports.ssl_match_hostname-3.4.0.2-7.3.2 python-certifi-2015.9.6.2-7.3.2 python-futures-2.1.3-0.10.3.2 python-jabberpy-0.5-0.17.3.2 python-msgpack-python-0.4.6-6.3.2 python-psutil-1.2.1-0.10.3.2 python-pycrypto-2.6.1-9.3.2 python-pyinotify-0.9.6-6.3.2 python-pyzmq-14.0.0-6.3.2 python-requests-2.0.1-0.18.3.2 python-simplejson-2.1.1-1.16.3.2 python-tornado-4.2.1-9.3.2 python-yaml-3.09-0.12.3.2 python2-mgr-cfg-4.2.1-8.9.2 python2-mgr-cfg-actions-4.2.1-8.9.2 python2-mgr-cfg-client-4.2.1-8.9.2 python2-mgr-cfg-management-4.2.1-8.9.2 python2-mgr-osa-common-4.2.2-8.9.3 python2-mgr-osad-4.2.2-8.9.3 python2-mgr-push-4.2.2-8.6.2 python2-mgr-virtualization-common-4.2.1-8.6.3 python2-mgr-virtualization-host-4.2.1-8.6.3 python2-rhnlib-4.2.1-15.9.2 python2-spacewalk-check-4.2.4-30.18.2 python2-spacewalk-client-setup-4.2.4-30.18.2 python2-spacewalk-client-tools-4.2.4-30.18.2 python2-spacewalk-koan-4.2.3-12.6.2 python2-spacewalk-oscap-4.2.1-9.6.3 python2-suseRegisterInfo-4.2.2-9.9.2 python2-uyuni-common-libs-4.2.2-7.15.2 python2-zypp-plugin-spacewalk-1.0.8-30.9.2 salt-2016.11.10-46.12.3 salt-doc-2016.11.10-46.12.3 salt-minion-2016.11.10-46.12.3 spacecmd-4.2.3-21.12.2 spacewalk-backend-libs-4.0.31-31.3.2 spacewalk-check-4.2.4-30.18.2 spacewalk-client-setup-4.2.4-30.18.2 spacewalk-client-tools-4.2.4-30.18.2 spacewalk-koan-4.2.3-12.6.2 spacewalk-oscap-4.2.1-9.6.3 spacewalk-usix-4.0.9-6.3.2 suseRegisterInfo-4.2.2-9.9.2 uyuni-base-common-4.2.2-7.6.2 zypp-plugin-spacewalk-1.0.8-30.9.2 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (i586 x86_64): golang-github-prometheus-node_exporter-0.18.1-8.6.2 golang-github-wrouesnel-postgres_exporter-0.4.7-8.6.2 - SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (noarch): kiwi-desc-saltboot-0.1.1585064259.12b97ef-8.9.2 spacewalk-remote-utils-4.2.1-9.6.2 supportutils-plugin-salt-1.1.4-9.3.2 supportutils-plugin-susemanager-client-4.2.2-12.9.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 ia64 ppc64 s390x x86_64): koan-2.2.2-0.72.9.3 libyaml-0-2-0.1.3-0.10.28.3.2 libzmq3-4.0.4-6.3.2 mgr-cfg-4.2.1-8.9.2 mgr-cfg-actions-4.2.1-8.9.2 mgr-cfg-client-4.2.1-8.9.2 mgr-cfg-management-4.2.1-8.9.2 mgr-custom-info-4.2.1-8.6.2 mgr-daemon-4.2.4-8.6.2 mgr-osad-4.2.2-8.9.3 mgr-push-4.2.2-8.6.2 mgr-virtualization-host-4.2.1-8.6.3 python-Jinja2-2.6-2.23.3.2 python-MarkupSafe-0.18-0.12.3.2 python-backports.ssl_match_hostname-3.4.0.2-7.3.2 python-certifi-2015.9.6.2-7.3.2 python-futures-2.1.3-0.10.3.2 python-jabberpy-0.5-0.17.3.2 python-msgpack-python-0.4.6-6.3.2 python-psutil-1.2.1-0.10.3.2 python-pycrypto-2.6.1-9.3.2 python-pyinotify-0.9.6-6.3.2 python-pyzmq-14.0.0-6.3.2 python-requests-2.0.1-0.18.3.2 python-simplejson-2.1.1-1.16.3.2 python-tornado-4.2.1-9.3.2 python-yaml-3.09-0.12.3.2 python2-mgr-cfg-4.2.1-8.9.2 python2-mgr-cfg-actions-4.2.1-8.9.2 python2-mgr-cfg-client-4.2.1-8.9.2 python2-mgr-cfg-management-4.2.1-8.9.2 python2-mgr-osa-common-4.2.2-8.9.3 python2-mgr-osad-4.2.2-8.9.3 python2-mgr-push-4.2.2-8.6.2 python2-mgr-virtualization-common-4.2.1-8.6.3 python2-mgr-virtualization-host-4.2.1-8.6.3 python2-rhnlib-4.2.1-15.9.2 python2-spacewalk-check-4.2.4-30.18.2 python2-spacewalk-client-setup-4.2.4-30.18.2 python2-spacewalk-client-tools-4.2.4-30.18.2 python2-spacewalk-koan-4.2.3-12.6.2 python2-spacewalk-oscap-4.2.1-9.6.3 python2-suseRegisterInfo-4.2.2-9.9.2 python2-uyuni-common-libs-4.2.2-7.15.2 python2-zypp-plugin-spacewalk-1.0.8-30.9.2 salt-2016.11.10-46.12.3 salt-doc-2016.11.10-46.12.3 salt-minion-2016.11.10-46.12.3 spacecmd-4.2.3-21.12.2 spacewalk-backend-libs-4.0.31-31.3.2 spacewalk-check-4.2.4-30.18.2 spacewalk-client-setup-4.2.4-30.18.2 spacewalk-client-tools-4.2.4-30.18.2 spacewalk-koan-4.2.3-12.6.2 spacewalk-oscap-4.2.1-9.6.3 spacewalk-usix-4.0.9-6.3.2 suseRegisterInfo-4.2.2-9.9.2 uyuni-base-common-4.2.2-7.6.2 zypp-plugin-spacewalk-1.0.8-30.9.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (i586 x86_64): golang-github-prometheus-node_exporter-0.18.1-8.6.2 golang-github-wrouesnel-postgres_exporter-0.4.7-8.6.2 - SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (noarch): kiwi-desc-saltboot-0.1.1585064259.12b97ef-8.9.2 spacewalk-remote-utils-4.2.1-9.6.2 supportutils-plugin-salt-1.1.4-9.3.2 supportutils-plugin-susemanager-client-4.2.2-12.9.2
References
#1167907 #1169664 #1171281 #1172709 #1173557
#1173584 #1174405 #1174965 #1175889 #1176978
#1177928 #1178319 #1178361 #1178362
Cross- CVE-2020-16846 CVE-2020-17490 CVE-2020-25592
Affected Products:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA
https://www.suse.com/security/cve/CVE-2020-16846.html
https://www.suse.com/security/cve/CVE-2020-17490.html
https://www.suse.com/security/cve/CVE-2020-25592.html
https://bugzilla.suse.com/1167907
https://bugzilla.suse.com/1169664
https://bugzilla.suse.com/1171281
https://bugzilla.suse.com/1172709
https://bugzilla.suse.com/1173557
https://bugzilla.suse.com/1173584
https://bugzilla.suse.com/1174405
https://bugzilla.suse.com/1174965
https://bugzilla.suse.com/1175889
https://bugzilla.suse.com/1176978
https://bugzilla.suse.com/1177928
https://bugzilla.suse.com/1178319
https://bugzilla.suse.com/1178361
https://bugzilla.suse.com/1178362