Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 551
Alerts This Week
Warning Icon 1 551

SUSE: 2021:0906-1 Moderate: SUSE Manager Server Security Update

suse
Calendar Grey March 19, 2021
Dist Suse Esm H88
This patch introduces several corrections for SUSE Manager Server 4.1 paired with improved security measures.
An update that solves four vulnerabilities and has 25 fixes is now available

Summary

This update fixes the following issues: cobbler: - Fix string replacement for @@xyz@@ - Better performing string replacements grafana-formula: - Set `supported` to false for unsupported systems (bsc#1182001) - Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions mgr-libmod: - Fix 'list_modules' JSON serialization (bsc#1182492) mgr-osad: - Adapt to new SSL implementation of rhnlib (bsc#1181807) prometheus-exporters-formula: - Add Ubuntu support for Prometheus exporters' reverse proxy prometheus-formula: - Set server hostname from pillar data (bsc#1180439) py26-compat-salt: - Do not crash when unexpected cmd output at listing patches (bsc#1181290) rhnlib: - Change SSL implementation to python ssl for better SAN and hostname matching support (bsc#1181807) smdba:

References

#1157711 #1173893 #1175660 #1177508 #1179579

#1180145 #1180146 #1180224 #1180439 #1180547

#1180558 #1180757 #1180994 #1181048 #1181165

#1181228 #1181290 #1181416 #1181423 #1181635

#1181807 #1181814 #1182001 #1182006 #1182008

#1182071 #1182200 #1182492 #1182685

Cross- CVE-2020-26217 CVE-2020-26258 CVE-2020-26259

CVE-2020-28477

CVSS scores:

CVE-2020-26217 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-26217 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-26258 (NVD) : 7.7 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2020-26258 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2020-26259 (NVD) : 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N

Announcement ID: SUSE-SU-2021:0906-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.