SUSE: 2021:3547-1 Moderate: CVE-2021-21996 Code Injection Risk

October 27, 2021
SUSE Security Patch for Manager Utility Applications: resolving vulnerabilities and offering solutions for improved protection.
An update that solves one vulnerability, contains one feature and has three fixes is now available.

Summary

This update fixes the following issues:

salt:

- Fix the regression of 'docker_container' state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories

scap-security-guide:

- Updated to 0.1.57 release (jsc#ECO-3319)
- CIS profile for RHEL 7 is updated
- initial CIS profiles for Ubuntu 20.04
- Major improvement of RHEL 9 content
- new release process implemented using Github actions

spacecmd:

- Version 4.2.13-1
  * Update translation strings
  * configchannel_updatefile handles directory properly (bsc#1190512)
  * Add schedule_archivecompleted to mass archive actions (bsc#1181223)

References

#1181223 #1188977 #1190265 #1190512 ECO-3319

Cross-References: CVE-2021-21996

CVSS scores:

CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Products:

SUSE Manager Debian 9.0-CLIENT-TOOLS

https://www.suse.com/security/cve/CVE-2021-21996.html

https://bugzilla.suse.com/1181223

https://bugzilla.suse.com/1188977

https://bugzilla.suse.com/1190265

https://bugzilla.suse.com/1190512

Announcement ID: SUSE-SU-2021:3547-1
Rating: moderate
