Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 433
Alerts This Week
Warning Icon 1 433

SUSE: 2021:0448-1 Moderate: XXE Injection in Manager Server 4.0

suse
Calendar Grey February 12, 2021
Dist Suse Esm H88
A patch for SUSE Manager Server 4.0 introduces an urgent security remedy and improves overall system trustworthiness.
An update that solves one vulnerability and has 27 fixes is now available

Summary

This update fixes the following issues: cpu-mitigations-formula: - Handle unsupported target systems gracefully (bsc#1179273) - add mitigations for Xen hypervisor nutch-core: - Fix XXE injection in DmozParser CVE-2021-23901 (bsc#1181356) smdba: - Do not remove the database if there is no backup and deal with manifest - Fix smdba throws error on mgr-setup/installation - Raise an exception on failed external process call - Fix TablePrint formatting - Rename configuration parameter wal_keep_segments to wal_keep_size (jsc#SLE-17030) - Revert modifying cpu_tuple_cost - Adapted spec file for RHEL8 - Adapt recover mechanism for postgresql12 and later spacecmd: - Fix spacecmd with no parameters produces traceback on SLE 11 SP4 (bsc#1176823) spacewalk-backend: - Reposync: Fixed Kickstart functionality.

References

#1164227 #1164451 #1171836 #1176018 #1176417

#1176823 #1176898 #1176906 #1177031 #1177184

#1177336 #1177508 #1178303 #1178503 #1178647

#1178839 #1179087 #1179273 #1179410 #1179552

#1179589 #1179872 #1179990 #1180001 #1180127

#1180285 #1180803 #1181356

Cross- CVE-2021-23901

CVSS scores:

CVE-2021-23901 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.0

https://www.suse.com/security/cve/CVE-2021-23901.html

https://bugzilla.suse.com/1164227

https://bugzilla.suse.com/1164451

https://bugzilla.suse.com/1171836

https://bugzilla.suse.com/1176018

https://bugzilla.suse.com/1176417

https://bugzilla.suse.com/1176823

https://bugzilla.suse.com/1176898

Announcement ID: SUSE-SU-2021:0448-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.