
SUSE Manager Server 4.1: SUSE-SU-2022:0225-1 Moderate SQL Injection

January 28, 2022
The update for SUSE Manager Server 4.1 resolves a moderate-risk SQL injection vulnerability and includes additional improvements.
An update that solves one vulnerability and has 27 fixes is now available.

Summary

This update fixes the following issues:

hibernate5:
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:
- Version 4.1.10-1
  * require python macros for building

mgr-osad:
- Version 4.1.6-1
  * require python macros for building

prometheus-formula:
- Version 0.3.5
  * Add support for new Uyuni SD in Prometheus >= 2.31

py27-compat-salt:
- Fix `tmpfiles.d` configuration for salt to not use legacy paths (bsc#1173103)
- Remove wrong `_parse_cpe_name` from grains.core
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Added Python2 build possibility for RHEL8
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls

References

#1173103 #1173143 #1184617 #1187708 #1188505

#1188900 #1190114 #1190446 #1191192 #1191222

#1191285 #1191313 #1191340 #1191377 #1191412

#1191442 #1191656 #1191702 #1191899 #1192487

#1192514 #1192736 #1193008 #1193585 #1193612

#1193694 #1193832 #1194990

Cross-References: CVE-2020-25638

CVSS scores:

CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.1

https://www.suse.com/security/cve/CVE-2020-25638.html

https://bugzilla.suse.com/1173103

https://bugzilla.suse.com/1173143

https://bugzilla.suse.com/1184617

https://bugzilla.suse.com/1187708

https://bugzilla.suse.com/1188505

Announcement ID: SUSE-SU-2022:0225-1
Rating: moderate
