
SUSE: 2022:0311-1 Moderate: Manager Client Tools Security Update

February 2, 2022
SUSE Manager Client Tools has received a Security Beta Update that resolves various issues, implementing critical fixes aimed at boosting operational security.
An update that solves two vulnerabilities and has three fixes is now available.

Summary

This update fixes the following issues:

ansible:

- Require python macros for building

grafana:

- Update to version 7.5.12:
  * Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813)
- Recreate tarballs using the makefile to update the npm and go modules required
- Update to version 7.5.11:
  * Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226)
  * Fix certs issue (#40002)
  * Release v7.5.11 (#124)
  * Fix static path matching issue in macaron
  * OAuth: add docs for disableAutoLogin param (#38752) (#38894)
  * Fix #747; remove 'other variables'. (#37866) (#37878)
  * Update alert docs (#33658) (#33659)
  * [7.5.x] Docs: added documentation for the "prepare time series"-transformation. (#36836)
  * cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813)

References

#1190781 #1191454 #1192487 #1193600 #1193688

Cross-References: CVE-2021-39226 CVE-2021-43813

CVSS scores:

CVE-2021-39226 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2021-39226 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CVE-2021-43813 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVE-2021-43813 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected Products:

SUSE Manager Tools 15-BETA

https://www.suse.com/security/cve/CVE-2021-39226.html

https://www.suse.com/security/cve/CVE-2021-43813.html

https://bugzilla.suse.com/1190781

https://bugzilla.suse.com/1191454

https://bugzilla.suse.com/1192487

https://bugzilla.suse.com/1193600

https://bugzilla.suse.com/1193688

Announcement ID: SUSE-SU-2022:0311-1
Rating: moderate
