Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 436
Alerts This Week
Warning Icon 1 436

SUSE: 2022:3314-1 Critical: Addressing Key Security Issues

suse
Calendar Grey September 19, 2022
Dist Suse Esm H88
Essential update for SUSE Manager Server 4.2 resolves four severe vulnerabilities and includes 35 improvements for better protection.
An update that solves four vulnerabilities and has 35 fixes is now available

Summary

This update fixes the following issues: drools: - CVE-2021-41411: XML External Entity injection in KieModuleModelImpl.java. (bsc#1200629) httpcomponents-asyncclient: - Provide maven metadata needed by other packages to build image-sync-formula: - Update to version 0.1.1661440526.b08d95b * Add option to sort boot images by version (bsc#1196729) inter-server-sync: - Version 0.2.3 * Compress exported sql data #16631 * Add gzip dependency to decompress data file during import process patterns-suse-manager: - Strictly require OpenJDK 11 (bsc#1202142) py27-compat-salt: - Add support for gpgautoimport in zypperpkg module - Fix salt.states.file.managed() for follow_symlinks=True and test=True (bsc#1199372) - Add support for name, pkgs and diff_attr parameters to upgrade function

References

#1172705 #1187028 #1195455 #1195895 #1196729

#1198168 #1198489 #1198738 #1198903 #1199372

#1199659 #1199913 #1199950 #1200276 #1200296

#1200480 #1200532 #1200573 #1200591 #1200629

#1201142 #1201189 #1201210 #1201220 #1201224

#1201527 #1201606 #1201607 #1201626 #1201753

#1201913 #1201918 #1202142 #1202272 #1202464

#1202728 #1203287 #1203288 #1203449

Cross- CVE-2021-41411 CVE-2021-42740 CVE-2021-43138

CVE-2022-31129

CVSS scores:

CVE-2021-41411 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-41411 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2021-42740 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2021-42740 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:3314-1
Rating: critical

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.