SUSE: 2022:3178-1 Important: Manager Client Tools Security Issues

suse

September 8, 2022

An update that solves 7 vulnerabilities, contains three features and has 10 fixes is now available

Summary

This update fixes the following issues: ansible: - Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133) * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725) * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061) * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460) - Update to 2.9.22: * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values

Topics Covered

security advisory critical issue software update important SUSE threat management manager tools

References

#1176460 #1180816 #1180942 #1181119 #1181935

#1183684 #1187725 #1188061 #1193585 #1197963

#1199528 #1200142 #1200591 #1200968 #1200970

#1201003 #1202614 SLE-23631 SLE-24133 SLE-24791

Cross- CVE-2021-20178 CVE-2021-20180 CVE-2021-20191

CVE-2021-20228 CVE-2021-3447 CVE-2021-3583

CVE-2021-3620

CVSS scores:

CVE-2021-20178 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-20178 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE-2021-20180 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-20180 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

CVE-2021-20191 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVE-2021-20191 (SUSE): 5 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2022:3178-1

Rating: important

Topics Covered

security advisory critical issue software update important SUSE threat management manager tools

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:3178-1 Important: Manager Client Tools Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:3178-1 Important: Manager Client Tools Security Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!