
SUSE: 2022:0593-1 Moderate: SQL Injection in SUSE Manager Server

February 28, 2022
Implement the recent SUSE Manager Server 4.2 security patch that resolves SQL injection vulnerabilities along with various additional corrections.
An update that solves one vulnerability and has 29 fixes is now available.

Summary

This update fixes the following issues:

c3p0:
- Build with log4j mapper

dhcpd-formula:
- Update to version 0.1.1641480250.d5bd14c
  * make routers option optional

hibernate5:
- Fix potential SQL injection CVE-2020-25638 (bsc#1193832)

mgr-libmod:
- Version 4.2.7-1
  * require python macros for building

mgr-osad:
- Version 4.2.7-1
  * Do not build python 2 package for SLE15SP4 and higher
  * require python macros for building

mgr-push:
- Version 4.2.4-1
  * Do not build python 2 package for SLE15SP4 and higher

py27-compat-salt:
- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)
- Simplify "transactional_update" module to not use SSH wrapper and allow more flexible execution

References

#1097531 #1173103 #1189561 #1190781 #1191192

#1191285 #1191857 #1192321 #1192368 #1192440

#1192487 #1192510 #1192514 #1192550 #1192566

#1192699 #1192776 #1193008 #1193292 #1193565

#1193585 #1193612 #1193694 #1193832 #1194044

#1194397 #1194862 #1194905 #1194990 #1195171

Cross-References: CVE-2020-25638

CVSS scores:

CVE-2020-25638 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

CVE-2020-25638 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.2

SUSE Manager Server 4.2

https://www.suse.com/security/cve/CVE-2020-25638.html

https://bugzilla.suse.com/1097531

https://bugzilla.suse.com/1173103

https://bugzilla.suse.com/1189561

https://bugzilla.suse.com/1190781

Announcement ID: SUSE-SU-2022:0593-1
Rating: moderate
