This update fixes the following issues:

c3p0:

- Update to version c3p0 0.9.5.5 and mchange-commons-java 0.2.19
  * Address CVE-2018-20433
  * Address CVE-2019-5427 - XML-config parsing related attacks (bsc#1133198)
  * Properly implement the JDBC 4.1 abort method

grafana-formula:

- Version 0.7.0
  * Add SLES 15 SP4 and openSUSE Leap 15.4 to supported versions

hub-xmlrpc-api:

- Updated to build on Enterprise Linux 8.

inter-server-sync:

- Version 0.1.0
  * Allow export and import of configuration channels
  * Clean lookup cache after processing a channel (bsc#1195750)
  * Improve lookup method for generate foreign key export
- Adapted for build on Enterprise Linux 8.

mgr-osad:

- Version 4.2.8-1
  * Fix the condition for preventing building python 2 subpackage for SLE15

mgr-push:

- Version 4.2.5-1

#1133198 #1173527 #1186336 #1191360 #1191597
#1192150 #1192822 #1193448 #1194363 #1194447
#1194464 #1194909 #1195043 #1195145 #1195271
#1195282 #1195294 #1195666 #1195712 #1195750
#1195757 #1195762 #1195765 #1195772 #1195920
#1196067 #1196094 #1196407 #1196455 #1196693
#1196704 #1196977 #1197007
Cross-References: CVE-2018-20433 CVE-2019-5427
CVSS scores:
CVE-2018-20433 (NVD) : 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2018-20433 (SUSE): 4.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CVE-2019-5427 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2019-5427 (SUSE): 5.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.2
SUSE Manager Server 4.2