Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 493
Alerts This Week
Warning Icon 1 493

SUSE: 2021:2673-1 Moderate: Client Tools Security Fix Overview

suse
Calendar Grey August 12, 2021
Dist Suse Esm H88
SUSE's recent security update for Manager client tools addresses critical vulnerabilities, enhancing user security with five patched issues and a new multi-factor authentication feature
An update that fixes 5 vulnerabilities, contains one feature is now available

Summary

This update fixes the following issues: golang-github-prometheus-prometheus: - Provide and reload firewalld configuration only for: + openSUSE Leap 15.0, 15.1, 15.2 + SUSE SUSE Linux Enterprise 15, SP1, SP2 - Upgrade to upstream version 2.27.1 (jsc#SLE-18254) - SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242) + Features: * Promtool: Retroactive rule evaluation functionality. * Configuration: Environment variable expansion for external labels. Behind '--enable-feature=expand-external-labels' flag. * TSDB: Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control the max chunks file size of the blocks for small Prometheus instances. * UI: Add a dark theme. * AWS Lightsail Discovery: Add AWS Lightsail Discovery.

References

#1175478 #1186242 #1186508 #1186581 #1186650

SLE-18254

Cross- CVE-2021-27962 CVE-2021-28146 CVE-2021-28147

CVE-2021-28148 CVE-2021-29622

CVSS scores:

CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:

SUSE Manager Tools 12

https://www.suse.com/security/cve/CVE-2021-27962.html

https://www.suse.com/security/cve/CVE-2021-28146.html

https://www.suse.com/security/cve/CVE-2021-28147.html

https://www.suse.com/security/cve/CVE-2021-28148.html

Announcement ID: SUSE-SU-2021:2673-1
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.