A local file inclusion vulnerability has been discovered in mistral-dashboard, the OpenStack Workflow as a Service dashboard plugin, that may result in disclosure of arbitrary local files content through the .
-------------------------------------------------------------------------
Debian LTS Advisory DLA-4392-1

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3873-1

Martin Kaesberger discovered a vulnerability which affects multiple OpenStack components (Nova, Glance and Cinder): Malformed QCOW2 disk images may result in the disclosure of arbitrary files.
-------------------------------------------------------------------------
Debian LTS Advisory DLA-3872-1
An update that solves three vulnerabilities and has 18 fixes is now available.

SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3878-1
Rating:             critical
References:         #1195624 #1197724 #1199726 #1200596 #1201059 #1201788 #1202167 #1202729 #1202785 #1203283 #1203406 #1203422 #1203564 #1203599 #1203611 #1203898 #1204146 #1204203 #1204543 #1204716 #1204741
Cross-References:   CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:
                    CVE-2022-43753 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2022-43754 (SUSE): 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
                    SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 18 fixes is now available.

Description:

This update fixes the following issues:

hub-xmlrpc-api:
- Use golang(API) = 1.18 for building on SUSE (bsc#1203599)
  This source fails to build with the current go1.19 on SUSE and we need to use go1.18 instead.

inter-server-sync:
- Version 0.2.4
  * Improve memory usage and log information #17193
  * Conditional insert check for FK reference exists (bsc#1202785)
  * Correct navigation path for table rhnerratafilechannel (bsc#1202785)

locale-formula:
- Update to version 0.3
  * Remove .map.gz from kb_map dictionary (bsc#1203406)

py27-compat-salt:
- Fix state.apply in test mode with file state module on user/group checking (bsc#1202167)
- Make zypperpkg retry if the RPM lock is temporarily unavailable (bsc#1200596)

python-urlgrabber:
- Fix wrong logic in find_proxymethod causing the proxy not to be used (bsc#1201788)

spacecmd:
- Version 4.2.20-1
  * Remove "Undefined return code" from debug messages (bsc#1203283)

spacewalk-backend:
- Version 4.2.25-1
  * Enhance passwords cleanup and add extra files in spacewalk-debug (bsc#1201059)
  * Prevent mixing credentials for proxy and repository server while using basic authentication, and avoid hiding errors (i.e. timeouts) caused by proxy settings issues, with extra logging in verbose mode (bsc#1201788)

spacewalk-client-tools:
- Version 4.2.21-1
  * Update translation strings

spacewalk-java:
- Version 4.2.43-1
  * CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543)
  * CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741)
  * CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716)
- Version 4.2.42-1
  * Properly pass allow vendor change to salt state (bsc#1204203)
  * Add ongres requirements to spec file (bsc#1203898)
  * Refresh pillar data (bsc#1197724)
  * Fix hardware update where there are no DNS FQDN changes (bsc#1203611)
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Support Pay-as-you-go new CA location for SLES15SP4 and higher (bsc#1202729)
  * Detect the clients running on Amazon EC2 (bsc#1195624)

spacewalk-utils:
- Version 4.2.18-1
  * Make spacewalk-hostname-rename work with the settings.yaml cobbler config file (bsc#1203564)

spacewalk-web:
- Version 4.2.30-1
  * Upgrade moment-timezone

susemanager:
- Version 4.2.38-1
  * Add venv-salt-minion to bootstrap repo (bsc#1204146)

susemanager-doc-indexes:
- Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-docs_en:
- Documented that only SUSE clients are supported as monitoring servers in the Administration Guide
- Fixed description of default notification settings (bsc#1203422)
- Added missing Debian 11 references
- Removed references to Debian 9, as it is EoL, and therefore unsupported by SUSE Manager
- Document Helm deployment of the proxy on k3s and MetalLB in Installation and Upgrade Guide
- Added secure mail communication settings in Administration Guide
- Fixed the incorrect path to state and pillar files in Salt Guide
- Documented how pxeboot works with Secure Boot enabled in Client Configuration Guide
- Added SLE Micro 5.2 and 5.3 as available as a technology preview in the Client Configuration Guide, and the IBM Z architecture for 5.1, 5.2, and 5.3

susemanager-schema:
- Version 4.2.25-1
  * Add subtypes for Amazon EC2 virtual instances (bsc#1195624)

susemanager-sls:
- Version 4.2.28-1
  * Fix mgrnet availability check
  * Remove dependence on Kiwi libraries
  * Use mgrnet.dns_fqdns module to improve FQDN detection (bsc#1199726)
  * Add mgrnet salt module with mgrnet.dns_fqnd function implementation allowing to get all possible FQDNs from DNS (bsc#1199726)

How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3878=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  hub-xmlrpc-api-0.7-150300.3.9.2
  inter-server-sync-0.2.4-150300.8.25.2
  inter-server-sync-debuginfo-0.2.4-150300.8.25.2
  susemanager-4.2.38-150300.3.44.3
  susemanager-tools-4.2.38-150300.3.44.3

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  locale-formula-0.3-150300.3.3.2
  py27-compat-salt-3000.3-150300.7.7.26.2
  python3-spacewalk-client-tools-4.2.21-150300.4.27.3
  python3-urlgrabber-3.10.2.1py2_3-150300.3.3.2
  spacecmd-4.2.20-150300.4.30.2
  spacewalk-backend-4.2.25-150300.4.32.4
  spacewalk-backend-app-4.2.25-150300.4.32.4
  spacewalk-backend-applet-4.2.25-150300.4.32.4
  spacewalk-backend-config-files-4.2.25-150300.4.32.4
  spacewalk-backend-config-files-common-4.2.25-150300.4.32.4
  spacewalk-backend-config-files-tool-4.2.25-150300.4.32.4
  spacewalk-backend-iss-4.2.25-150300.4.32.4
  spacewalk-backend-iss-export-4.2.25-150300.4.32.4
  spacewalk-backend-package-push-server-4.2.25-150300.4.32.4
  spacewalk-backend-server-4.2.25-150300.4.32.4
  spacewalk-backend-sql-4.2.25-150300.4.32.4
  spacewalk-backend-sql-postgresql-4.2.25-150300.4.32.4
  spacewalk-backend-tools-4.2.25-150300.4.32.4
  spacewalk-backend-xml-export-libs-4.2.25-150300.4.32.4
  spacewalk-backend-xmlrpc-4.2.25-150300.4.32.4
  spacewalk-base-4.2.30-150300.3.30.3
  spacewalk-base-minimal-4.2.30-150300.3.30.3
  spacewalk-base-minimal-config-4.2.30-150300.3.30.3
  spacewalk-client-tools-4.2.21-150300.4.27.3
  spacewalk-html-4.2.30-150300.3.30.3
  spacewalk-java-4.2.43-150300.3.48.2
  spacewalk-java-config-4.2.43-150300.3.48.2
  spacewalk-java-lib-4.2.43-150300.3.48.2
  spacewalk-java-postgresql-4.2.43-150300.3.48.2
  spacewalk-taskomatic-4.2.43-150300.3.48.2
  spacewalk-utils-4.2.18-150300.3.21.2
  spacewalk-utils-extras-4.2.18-150300.3.21.2
  susemanager-doc-indexes-4.2-150300.12.36.3
  susemanager-docs_en-4.2-150300.12.36.2
  susemanager-docs_en-pdf-4.2-150300.12.36.2
  susemanager-schema-4.2.25-150300.3.30.3
  susemanager-sls-4.2.28-150300.3.36.2
  uyuni-config-modules-4.2.28-150300.3.36.2

References:

  https://www.suse.com/security/cve/CVE-2022-31255.html
  https://www.suse.com/security/cve/CVE-2022-43753.html
  https://www.suse.com/security/cve/CVE-2022-43754.html
  https://bugzilla.suse.com/1195624
  https://bugzilla.suse.com/1197724
  https://bugzilla.suse.com/1199726
  https://bugzilla.suse.com/1200596
  https://bugzilla.suse.com/1201059
  https://bugzilla.suse.com/1201788
  https://bugzilla.suse.com/1202167
  https://bugzilla.suse.com/1202729
  https://bugzilla.suse.com/1202785
  https://bugzilla.suse.com/1203283
  https://bugzilla.suse.com/1203406
  https://bugzilla.suse.com/1203422
  https://bugzilla.suse.com/1203564
  https://bugzilla.suse.com/1203599
  https://bugzilla.suse.com/1203611
  https://bugzilla.suse.com/1203898
  https://bugzilla.suse.com/1204146
  https://bugzilla.suse.com/1204203
  https://bugzilla.suse.com/1204543
  https://bugzilla.suse.com/1204716
  https://bugzilla.suse.com/1204741

Important update released for SUSE Manager Server 4.2 addressing various problems and improving security functionality.
Severity: Critical.
LinuxSecurity.com Team
An update that fixes three vulnerabilities is now available.

SUSE Security Update: Security update for spacewalk-java
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:3880-1
Rating:             critical
References:         #1204543 #1204716 #1204741
Cross-References:   CVE-2022-31255 CVE-2022-43753 CVE-2022-43754
CVSS scores:
                    CVE-2022-43753 (SUSE): 5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
                    CVE-2022-43754 (SUSE): 3 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.3
                    SUSE Manager Server 4.3
______________________________________________________________________________

An update that fixes three vulnerabilities is now available.

Description:

This update for spacewalk-java fixes the following issues:

- CVE-2022-31255: Fix directory path traversal vulnerability (bsc#1204543)
- CVE-2022-43754: Fix reflected cross site scripting vulnerability (bsc#1204741)
- CVE-2022-43753: Fix arbitrary file disclosure vulnerability (bsc#1204716)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3880=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.3 (noarch):
  spacewalk-java-4.3.39-150400.3.11.1
  spacewalk-java-config-4.3.39-150400.3.11.1
  spacewalk-java-lib-4.3.39-150400.3.11.1
  spacewalk-java-postgresql-4.3.39-150400.3.11.1
  spacewalk-taskomatic-4.3.39-150400.3.11.1

References:

  https://www.suse.com/security/cve/CVE-2022-31255.html
  https://www.suse.com/security/cve/CVE-2022-43753.html
  https://www.suse.com/security/cve/CVE-2022-43754.html
  https://bugzilla.suse.com/1204543
  https://bugzilla.suse.com/1204716
  https://bugzilla.suse.com/1204741

The recent patch addresses major concerns in spacewalk-java linked to SUSE Manager Server, rectifying three identified security flaws.
Severity: Critical.
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2021-3a640d3d4c
2021-09-29 00:16:07.673853
--------------------------------------------------------------------------------

Name        : cobbler
Product     : Fedora 35
Version     : 3.2.2
Release     : 2.fc35
URL         : https://cobbler.github.io/
Summary     : Boot server configurator
Description :
Cobbler is a network install server. Cobbler supports PXE, ISO virtualized installs, and re-installing existing Linux machines. The last two modes use a helper tool, 'koan', that integrates with cobbler. There is also a web interface 'cobbler-web'. Cobbler's advanced features include importing distributions from DVDs and rsync mirrors, kickstart templating, integrated yum mirroring, and built-in DHCP/DNS Management. Cobbler has an XML-RPC API for integration with other applications.
--------------------------------------------------------------------------------
Update Information:

* Migrate settings to settings.yaml
* Migrate pre-cobbler 3 data if needed
* Fix autoinstall_templates -> templates
----
Update to 3.2.2

New:
---
* Signatures: Add ESXi 7.0 U1 #2525 #2526 #2442
* AlmaLinux & RockyLinux are now supported
* Signatures: Add generic openSUSE Leap 15 #2508
* Settings: Use .yaml as a file extension #2531
* Settings: Validate what settings we have in the YAML-File #2533 #2419 #2530
* Modules: We now support automatic Windows installations #2466
* Docs: Terraform provider now included #2166 #2528

Changes:
-----
* Web Frontend: Show VMware as a breed #2449
* Logging check fails with SELinux #2440 #2441
* Typing: Convert docstring types to typing types #2564
* ESXi Support: Now partly supported #2541
* ipmitool now is upstream supported by fence_agents via ipmilanplus #2542
* cobbler version: remove the b prefix #2543
* We are now using inst.ks instead of ks #2534
* Use the python-file bindings instead of a subprocess call #2482 #2480
* Web Interface: Make new user management more obvious #2484

Bugfixes:
-----
* Remove redundant .json suffix: #2451 #2376 #2545 #2529
* PAM Authentication failures are fixed now: #2400 #2444
* Templating: Fix Cheetah macros #2570 #2509 #2403
* Templating: Fix regex replacements #2513
* Templating: Add http_port to all snippets we are aware of #2058
* API: Have the legacy fields kickstart and ks_meta present at all times. #2311 #2568
* Replicate: revert_strip_none prior adding an object on replicate #2548 #2505
* Replicate: Fix paths during replication #2516
* Web interface: Fix snippet path #2520
* Web interface: Prevent duplicate pathing of snippets #2485
* Fix script path from Cobbler #2479 #2478
* Settings: Add missing rsync flags option #2467 #2468
* Startup: Cobbler starts with sub-profiles now #2259 #2450
* Web: Permissions for /var/lib/cobbler/web.ss #2439 #2452
* Power management: Follow the fence_agent return codes #1491
* cobbler check: Fix dnsmasq check #2155

Other:
----
* Cleanup unused import #2551
* Docs: Improvements at various places #2547 #2481 #2473 #1801 #2228
* Removed unused multi-language support #2532
* Un-categorized improvements #2524 #2464
* Items: Streamline template_types type in all items #2262

Breaking Changes:
----
* Possibly the settings file is not correctly migrated and needs to be manually adjusted.
  * Rename settings to settings.yaml
  * Add all keys which are missing. The list will be available in /var/log/cobbler/cobbler.log.
* We dropped support for CentOS 7 since no full Python 3 stack is available #2515

Fedora
---
* bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
* bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
* bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
--------------------------------------------------------------------------------
ChangeLog:

* Thu Sep 23 2021 Orion Poplawski - 3.2.2-2
- Migrate settings to settings.yaml
- Migrate pre-cobbler 3 data if needed
- Fix autoinstall_templates -> templates
* Thu Sep 23 2021 Orion Poplawski - 3.2.2-1
- Update to 3.2.2
- bz#2006840: CVE-2021-40323: Arbitrary file disclosure/Template Injection
- bz#2006897: CVE-2021-40324: Arbitrary file write via upload_log_data XMLRPC function
- bz#2006904: CVE-2021-40325: Authorization bypass allows modifying settings
* Wed Sep 22 2021 Orion Poplawski - 3.2.1-1
- Update to 3.2.1
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2006840 - CVE-2021-40323 cobbler: Arbitrary File Disclosure/Template Injection via generate_script RPC method
        https://bugzilla.redhat.com/show_bug.cgi?id=2006840
  [ 2 ] Bug #2006897 - CVE-2021-40324 cobbler: Arbitrary file write via upload_log_data XMLRPC function
        https://bugzilla.redhat.com/show_bug.cgi?id=2006897
  [ 3 ] Bug #2006904 - CVE-2021-40325 cobbler: Authorization bypass allows modifying settings
        https://bugzilla.redhat.com/show_bug.cgi?id=2006904
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2021-3a640d3d4c' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/
--------------------------------------------------------------------------------
An update that solves three vulnerabilities and has 25 fixes is now available.

SUSE Security Update: Security update for SUSE Manager Server 4.2
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3170-1
Rating:             critical
References:         #1171483 #1173143 #1181223 #1186281 #1186339 #1187335 #1187549 #1188032 #1188042 #1188136 #1188163 #1188193 #1188260 #1188393 #1188400 #1188503 #1188505 #1188551 #1188641 #1188647 #1188656 #1188853 #1188855 #1189011 #1189040 #1189167 #1189419 #1189458
Cross-References:   CVE-2021-40323 CVE-2021-40324 CVE-2021-40325
Affected Products:
                    SUSE Linux Enterprise Module for SUSE Manager Server 4.2
______________________________________________________________________________

An update that solves three vulnerabilities and has 25 fixes is now available.

Description:

This update fixes the following issues:

branch-network-formula:
- Use kernel parameters from PXE formula also for local boot

cobbler:
- Security issues fixed:
  - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)
  - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)
  - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)
- Please note that with these changes, valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to cobbler may be rejected.

cpu-mitigations-formula:
- Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions

openvpn-formula:
- Changed package to noarch.

prometheus-exporters-formula:
- Fix formula data migration with missing exporter configuration (bsc#1188136)

py26-compat-salt:
- Fix error handling in openscap module (bsc#1188647)
- Define license macro as doc in spec file if not existing

py27-compat-salt:
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing

saltboot-formula:
- Use kernel parameters from PXE formula also for local boot

spacecmd:
- Update translation strings
- Make schedule_deletearchived get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
- Use correct API endpoint in list_proxies (bsc#1188042)
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)

spacewalk-backend:
- Update translation strings
- Fix typo "verfication" instead of "verification"

spacewalk-certs-tools:
- Prepare the bootstrap script generator for Rocky Linux 8

spacewalk-client-tools:
- Update translation strings

spacewalk-java:
- Show AppStreams tab just for modular channels
- Fix Json null comparison in virtual network info parsing (bsc#1189167)
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Do not log XMLRPC fault exceptions as errors (bsc#1188853)
- XMLRPC: Add call for listing application monitoring endpoints
- AppStreams tab for modular channels
- Link to CLM filter creation from system details page
- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
- Fix NPE when no redhat info could be fetched
- Java enablement for Rocky Linux 8
- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
- Properly handle virtual networks without defined bridge (bsc#1189167)
- Mark SSH minion actions when they're picked up (bsc#1188505)
- Add UEFI support for VM creation / editing
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Warning in Overview page for SLE Micro system (bsc#1188551)
- Add support for Kiwi options
- Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)
- Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory
- Fix entitlements not being updated during system transfer (bsc#1188032)
- Simplify the VM creation action in DB
- Get CPU data for AArch64
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)
- Fix updating primary net interface on hardware refresh (bsc#1188400)
- Fix issues when removing archived actions using XMLRPC api (bsc#1181223)
- Readable error when "mgr-sync add channel" is called with a non-existing label (bsc#1173143)

spacewalk-setup:
- Enable logging for salt SSH
- Increase max size for uploaded files to Salt master

spacewalk-utils:
- Add Rocky Linux 8 repositories

spacewalk-web:
- Don't capitalize acronyms
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Link to CLM filter creation from system details page
- Expose UEFI parameters in the VM creation/editing pages
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Add support for Kiwi options
- Fix virtualization guests to handle null HostInfo
- Compare lowercase CPU arch with libvirt domain capabilities
- Refresh JWT virtual console token before it expires
- Handle virtual machines running on pacemaker cluster

susemanager:
- Abort migration if data_directory is defined in the PostgreSQL configuration file
- Update translation strings
- Add bootstrap repository definitions for Rocky Linux 8

susemanager-build-keys:
- Add Debian 11
- Add Rocky Linux 8

susemanager-doc-indexes:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of "Service Pack Migration" with "Product Migration"
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-docs_en:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of "Service Pack Migration" with "Product Migration"
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a "SUSE Manager Lifecycle Management+" subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle clients

susemanager-schema:
- Add Rocky Linux 8 key and vendor
- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
- Force a one-off VACUUM ANALYZE
- Add Kiwi commandline options to Kiwi profile
- Upgrade scripts idempotency fixes
- Simplify the VM creation action in DB
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)

susemanager-sls:
- Add Rocky Linux 8 support
- Enable logrotate configuration for Salt SSH minion logs
- Add UEFI support for VM creation
- Add virt-tuner templates to VM creation
- Handle more ocsf2 setups in virt_utils module
- Add missing symlinks to generate the "certs" state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)
- Add findutils to Kiwi bootstrap packages
- Remove systemid file on salt client cleanup
- Add support for Kiwi options
- Skip 'update-ca-certificates' run if the certs are updated automatically
- Use lscpu to provide more CPU grains for all architectures
- Fix deleting stopped virtual network (bsc#1186281)
- Handle virtual machines running on pacemaker cluster

susemanager-sync-data:
- Support Rocky Linux 8 x86_64
- Add channel family for MicroOS Z
- Set OES 2018 SP3 to released

How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service: `spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service: `spacewalk-service start`

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2:
  zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3170=1

Package List:

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (ppc64le s390x x86_64):
  inter-server-sync-0.0.5-8.3.2
  inter-server-sync-debuginfo-0.0.5-8.3.2
  susemanager-4.2.22-3.6.1
  susemanager-tools-4.2.22-3.6.1

- SUSE Linux Enterprise Module for SUSE Manager Server 4.2 (noarch):
  branch-network-formula-0.1.1628156312.dbd0dec-3.3.1
  cobbler-3.1.2-5.8.1
  cpu-mitigations-formula-0.4.0-3.3.1
  openvpn-formula-0.1.2-3.3.1
  prometheus-exporters-formula-1.0.3-3.6.1
  py26-compat-salt-2016.11.10-11.28.6.1
  py27-compat-salt-3000.3-7.7.8.1
  python3-spacewalk-certs-tools-4.2.12-3.6.2
  python3-spacewalk-client-tools-4.2.13-4.6.3
  saltboot-formula-0.1.1628156312.dbd0dec-3.3.1
  spacecmd-4.2.12-4.6.2
  spacewalk-backend-4.2.16-4.6.3
  spacewalk-backend-app-4.2.16-4.6.3
  spacewalk-backend-applet-4.2.16-4.6.3
  spacewalk-backend-config-files-4.2.16-4.6.3
  spacewalk-backend-config-files-common-4.2.16-4.6.3
  spacewalk-backend-config-files-tool-4.2.16-4.6.3
  spacewalk-backend-iss-4.2.16-4.6.3
  spacewalk-backend-iss-export-4.2.16-4.6.3
  spacewalk-backend-package-push-server-4.2.16-4.6.3
  spacewalk-backend-server-4.2.16-4.6.3
  spacewalk-backend-sql-4.2.16-4.6.3
  spacewalk-backend-sql-postgresql-4.2.16-4.6.3
  spacewalk-backend-tools-4.2.16-4.6.3
  spacewalk-backend-xml-export-libs-4.2.16-4.6.3
  spacewalk-backend-xmlrpc-4.2.16-4.6.3
  spacewalk-base-4.2.21-3.6.3
  spacewalk-base-minimal-4.2.21-3.6.3
  spacewalk-base-minimal-config-4.2.21-3.6.3
  spacewalk-certs-tools-4.2.12-3.6.2
  spacewalk-client-tools-4.2.13-4.6.3
  spacewalk-html-4.2.21-3.6.3
  spacewalk-java-4.2.28-3.11.5
  spacewalk-java-config-4.2.28-3.11.5
  spacewalk-java-lib-4.2.28-3.11.5
  spacewalk-java-postgresql-4.2.28-3.11.5
  spacewalk-setup-4.2.8-3.6.1
  spacewalk-taskomatic-4.2.28-3.11.5
  spacewalk-utils-4.2.13-3.6.1
  spacewalk-utils-extras-4.2.13-3.6.1
  susemanager-build-keys-15.3.5-3.3.1
  susemanager-build-keys-web-15.3.5-3.3.1
  susemanager-doc-indexes-4.2-12.8.1
  susemanager-docs_en-4.2-12.8.1
  susemanager-docs_en-pdf-4.2-12.8.1
  susemanager-schema-4.2.17-3.6.2
  susemanager-sls-4.2.16-3.6.1
  susemanager-sync-data-4.2.8-3.6.1
  susemanager-web-libs-4.2.21-3.6.3
  uyuni-config-modules-4.2.16-3.6.1

References:

  https://www.suse.com/security/cve/CVE-2021-40323.html
  https://www.suse.com/security/cve/CVE-2021-40324.html
  https://www.suse.com/security/cve/CVE-2021-40325.html
  https://bugzilla.suse.com/1171483
  https://bugzilla.suse.com/1173143
  https://bugzilla.suse.com/1181223
  https://bugzilla.suse.com/1186281
  https://bugzilla.suse.com/1186339
  https://bugzilla.suse.com/1187335
  https://bugzilla.suse.com/1187549
  https://bugzilla.suse.com/1188032
  https://bugzilla.suse.com/1188042
  https://bugzilla.suse.com/1188136
  https://bugzilla.suse.com/1188163
  https://bugzilla.suse.com/1188193
  https://bugzilla.suse.com/1188260
  https://bugzilla.suse.com/1188393
  https://bugzilla.suse.com/1188400
  https://bugzilla.suse.com/1188503
  https://bugzilla.suse.com/1188505
  https://bugzilla.suse.com/1188551
  https://bugzilla.suse.com/1188641
  https://bugzilla.suse.com/1188647
  https://bugzilla.suse.com/1188656
  https://bugzilla.suse.com/1188853
  https://bugzilla.suse.com/1188855
  https://bugzilla.suse.com/1189011
  https://bugzilla.suse.com/1189040
  https://bugzilla.suse.com/1189167
  https://bugzilla.suse.com/1189419
  https://bugzilla.suse.com/1189458

Critical update resolves security flaws in SUSE Manager Server 4.2, enhancing overall system protection and functionality.
Severity: Critical.
An update that fixes two vulnerabilities is now available.

openSUSE Security Update: Security update for openwsman
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2019:1217-1
Rating:             important
References:         #1092206 #1122623
Cross-References:   CVE-2019-3816 CVE-2019-3833
Affected Products:
                    openSUSE Leap 42.3
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for openwsman fixes the following issues:

Security issues fixed:

- CVE-2019-3816: Fixed a vulnerability in the openwsmand daemon which could lead to arbitrary file disclosure (bsc#1122623).
- CVE-2019-3833: Fixed a vulnerability in process_connection() which could allow an attacker to trigger an infinite loop which leads to Denial of Service (bsc#1122623).

Other issues addressed:

- Directory listing without authentication fixed (bsc#1092206).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 42.3:

  zypper in -t patch openSUSE-2019-1217=1

Package List:

- openSUSE Leap 42.3 (x86_64):

  libwsman-devel-2.6.7-4.3.1
  libwsman3-2.6.7-4.3.1
  libwsman3-debuginfo-2.6.7-4.3.1
  libwsman_clientpp-devel-2.6.7-4.3.1
  libwsman_clientpp1-2.6.7-4.3.1
  libwsman_clientpp1-debuginfo-2.6.7-4.3.1
  openwsman-debugsource-2.6.7-4.3.1
  openwsman-java-2.6.7-4.3.1
  openwsman-perl-2.6.7-4.3.1
  openwsman-perl-debuginfo-2.6.7-4.3.1
  openwsman-python-2.6.7-4.3.1
  openwsman-python-debuginfo-2.6.7-4.3.1
  openwsman-ruby-2.6.7-4.3.1
  openwsman-ruby-debuginfo-2.6.7-4.3.1
  openwsman-ruby-docs-2.6.7-4.3.1
  openwsman-server-2.6.7-4.3.1
  openwsman-server-debuginfo-2.6.7-4.3.1
  openwsman-server-plugin-ruby-2.6.7-4.3.1
  openwsman-server-plugin-ruby-debuginfo-2.6.7-4.3.1
  winrs-2.6.7-4.3.1

References:

https://www.suse.com/security/cve/CVE-2019-3816.html
https://www.suse.com/security/cve/CVE-2019-3833.html
https://bugzilla.suse.com/1092206
https://bugzilla.suse.com/1122623

A vital security patch for openwsman addresses two significant vulnerabilities in openSUSE Leap 42.3, complete with essential guidelines for implementation.

Severity: Important. LinuxSecurity.com Team