This update fixes the following issues:

cobbler:

- Fixed RCE in the XML-RPC interface which additionally allowed arbitrary file read and write as root (bsc#1189458)

golang-github-prometheus-prometheus:

- Provide and reload firewalld configuration only for:
  + openSUSE Leap 15.0, 15.1, 15.2
  + SUSE SLE15, SLE15 SP1, SLE15 SP2
- Refresh patches
  + Changed:
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
  + Bugfix:
    * SECURITY: Fix arbitrary redirects under the /new endpoint (CVE-2021-29622, bsc#1186242)
- Upgrade to upstream version 2.27.0
  + Features:
    * Promtool: Retroactive rule evaluation functionality. #7675
    * Configuration: Environment variable expansion for external labels. Behind --enable-feature=expand-external-labels flag. #8649
    * TSDB: Add a flag (--storage.tsdb.max-block-chunk-segment-size) to
#1175478 #1181223 #1186242 #1186508 #1186581
#1186650 #1188042 #1188977 #1189458 #1190512
SLE-18254
Cross-References:
CVE-2021-27962 CVE-2021-28146 CVE-2021-28147
CVE-2021-28148 CVE-2021-29622
CVSS scores:
CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-28147 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
SUSE Manager Tools 12-BETA
https://www.suse.com/security/cve/CVE-2021-27962.html
https://www.suse.com/security/cve/CVE-2021-28146.html