Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 498
Alerts This Week
Warning Icon 1 498

SUSE: 2021:14677-1 Moderate: Security Beta Update For Client Tools

suse
Calendar Grey March 19, 2021
Dist Suse Esm H88
SUSE Security Beta release rectifying numerous vulnerabilities within Manager Client Tools. Essential patches and enhancements introduced.
An update that solves 10 vulnerabilities and has 10 fixes is now available

Summary

This update fixes the following issues: salt: - Only require python-certifi for CentOS7 - Fix race conditions for corner cases when handling SIGTERM by minion (bsc#1172110) - Implementation of suse_ip execution module to prevent issues with network.managed (bsc#1099976) - Fix recursion false detection in payload (bsc#1180101) - Add sleep on exception handling on minion connection attempt to the master (bsc#1174855) - Allows for the VMware provider to handle CPU and memory hot-add in newer versions of the software. (bsc#1181347) - Always require python-certifi (used by salt.ext.tornado) - Exclude SLE 12 from requiring python-certifi - Do not crash when unexpected cmd output at listing patches (bsc#1181290) - Fix behavior for "onlyif/unless" when multiple conditions (bsc#1180818)

References

#1099976 #1172110 #1174855 #1179696 #1180101

#1180818 #1181290 #1181347 #1181550 #1181556

#1181557 #1181558 #1181559 #1181560 #1181561

#1181562 #1181563 #1181564 #1181565 #1182740

Cross- CVE-2020-28243 CVE-2020-28972 CVE-2020-35662

CVE-2021-25281 CVE-2021-25282 CVE-2021-25283

CVE-2021-25284 CVE-2021-3144 CVE-2021-3148

CVE-2021-3197

CVSS scores:

CVE-2020-28243 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28243 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2020-28972 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2020-28972 (SUSE): 7.3 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

CVE-2020-35662 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Announcement ID: SUSE-SU-2021:14677-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.