SUSE: 2022:0798-1 Moderate: Update for SUSE Manager Server Available

March 10, 2022
The recent update for SUSE Manager Server 4.1 addresses a couple of concerns and introduces ten improvements aimed at boosting both security and overall functionality.
An update that solves two vulnerabilities and has 11 fixes is now available.

Summary

This update fixes the following issues:

c3p0:

- Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19
  * Address CVE-2018-20433
  * Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198)
  * Properly implement the JDBC 4.1 abort method
- Build with log4j mapper
- Enhanced for RHEL8

dhcpd-formula:

- Update to version 0.1.1641480250.d5bd14c
  * make routers option optional
- Add arm64 support
- Update to version 0.1.1615805990.f15c8d9

hub-xmlrpc-api:

- Updated to build on Enterprise Linux 8.

py26-compat-msgpack-python:

- Adapted to build on OBS for Enterprise Linux.

py27-compat-salt:

- Fix inspector module export function (bsc#1097531)
- Fix possible traceback on ip6_interface grain (bsc#1193565)
- Don't check for cached pillar errors on state.apply (bsc#1190781)

References

#1097531 #1133198 #1190781 #1191360 #1192510

#1192566 #1192822 #1193565 #1194044 #1194363

#1194464 #1195043 #1195282

Cross-References: CVE-2018-20433 CVE-2019-5427

CVSS scores:

CVE-2018-20433 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2018-20433 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L

CVE-2019-5427 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2019-5427 (SUSE): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Affected Products:

SUSE Linux Enterprise Module for SUSE Manager Server 4.1

SUSE Manager Server 4.1

https://www.suse.com/security/cve/CVE-2018-20433.html

https://www.suse.com/security/cve/CVE-2019-5427.html

https://bugzilla.suse.com/1097531

https://bugzilla.suse.com/1133198

Announcement ID: SUSE-SU-2022:0798-1
Rating: moderate
