An update that solves one vulnerability, contains one feature and has 26 fixes is now available.

   SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3904-1
Rating:             moderate
References:         #1164192 #1167586 #1168327 #1173692 #1180650 #1181223
                    #1184659 #1185131 #1186287 #1186310 #1186581 #1186674
                    #1187787 #1187813 #1188042 #1188170 #1188641 #1188647
                    #1188977 #1189040 #1189043 #1190114 #1190265 #1190446
                    #1190512 #1191412 #1191431 ECO-3319
Cross-References:   CVE-2021-21996
CVSS scores:
                    CVE-2021-21996 (SUSE): 4.2 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:L

Affected Products:
                    SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA
______________________________________________________________________________

Description:

   This update fixes the following issues:

   salt:

   - Remove wrong _parse_cpe_name from grains.core
   - Prevent tracebacks if directory for cookie is missing
   - Fix file.find tracebacks with non utf8 file names (bsc#1190114)
   - Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
   - Do not consider skipped targets as failed for ansible.playbooks state
     (bsc#1190446)
   - Fix traceback.*_exc() calls
   - Fix the regression of docker_container state module
   - Support querying for JSON data in external sql pillar
   - Exclude the full path of a download URL to prevent injection of
     malicious code (bsc#1190265) (CVE-2021-21996)
   - Fix wrong relative paths resolution with Jinja renderer when importing
     subdirectories
   - Fix python-MarkupSafe dependency (bsc#1189043)
   - Add missing aarch64 to rpm package architectures
   - Consolidate some state requisites (bsc#1188641)
   - Fix failing unit test for systemd
   - Fix error handling in openscap module (bsc#1188647)
   - Better handling of bad public keys from minions (bsc#1189040)
   - Define license macro as doc in spec file if not existing
   - Add standalone formulas configuration for salt minion and remove
     salt-master requirement (bsc#1168327)
   - Do noop for services states when running systemd in offline mode
     (bsc#1187787)
   - Transactional_updates: do not execute states in parallel but use a
     queue (bsc#1188170)
   - Handle "master tops" data when states are applied by
     "transactional_update" (bsc#1187787)
   - Enhance openscap module: add "xccdf_eval" call
   - Virt: pass emulator when getting domain capabilities from libvirt
   - Implementation of held/unheld functions for state pkg (bsc#1187813)
   - Fix exception in yumpkg.remove for not installed package
   - Fix save for iptables state module (bsc#1185131)
   - Virt: use /dev/kvm to detect KVM
   - Zypperpkg: improve logic for handling vendorchange flags
   - Add bundled provides for tornado to the spec file
   - Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
   - Add "python3-pyinotify" as a recommended package for Salt in
     SUSE/openSUSE distros
   - Check if dpkgnotify is executable (bsc#1186674)
   - Detect Python version to use inside container (bsc#1167586)
     (bsc#1164192)
   - Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
   - Grains.extra: support old non-intel kernels (bsc#1180650)
   - Fix missing minion returns in batch mode (bsc#1184659)
   - Parsing Epoch out of version provided during pkg remove (bsc#1173692)

   scap-security-guide:

   - Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431).
   - Updated to 0.1.58 release (jsc#ECO-3319)
     - Support for Script Checking Engine (SCE)
     - Split RHEL 8 CIS profile using new controls file format
     - CIS Profiles for SLE12
     - Initial Ubuntu 20.04 STIG Profiles
     - Addition of an automated CCE adder
   - Updated to 0.1.57 release (jsc#ECO-3319)
     - CIS profile for RHEL 7 is updated
     - initial CIS profiles for Ubuntu 20.04
     - Major improvement of RHEL 9 content
     - new release process implemented using GitHub Actions
   - Specify the maintainer, for deb packages.
   - Updated to 0.1.56 release (jsc#ECO-3319)
     - Align ism_o profile with latest ISM SSP (#6878)
     - Align RHEL 7 STIG profile with DISA STIG V3R3
     - Creating new RHEL 7 STIG GUI profile (#6863)
     - Creating new RHEL 8 STIG GUI profile (#6862)
     - Add the RHEL9 product (#6801)
     - Initial support for SUSE SLE-15 (#6666)
     - add support for osbuild blueprint remediations (#6970)
   - Updated to an intermediate GIT snapshot of 20210323 (jsc#ECO-3319)
     - initial SLES15 STIG added
     - more SLES 12 STIG work
     - correct tables and cross references for SLES 12 and 15 STIG
   - Updated to 0.1.55 release (jsc#ECO-3319)
     - big update of rules used in SLES-12 STIG profile
     - Render policy to HTML (#6532)
     - Add variable support to yamlfile_value template (#6563)
     - Introduce new template for dconf configuration files (#6118)
   - Avoid some non sles12 sp2 available macros.

   spacecmd:

   - Version 4.3.4-1
     * Update translation strings
   - Version 4.3.3-1
     * Improved event history listing and added new system_eventdetails
       command to retrieve the details of an event
     * configchannel_updatefile handles directory properly (bsc#1190512)
   - Version 4.3.2-1
     * Add schedule_archivecompleted to mass archive actions (bsc#1181223)
     * Make schedule_deletearchived to get all actions without display limit
     * Allow passing a date limit for schedule_deletearchived on spacecmd
       (bsc#1181223)
     * Remove whoami from the list of unauthenticated commands (bsc#1188977)
   - Version 4.3.1-1
     - Use correct API endpoint in list_proxies (bsc#1188042)
     - Add schedule_deletearchived to bulk delete archived actions
       (bsc#1181223)
     - Make spacecmd aware of retracted patches/packages
   - Version 4.2.10-1
     - Enhance help for installation types when creating distributions
       (bsc#1186581)
   - Version 4.2.9-1
     - Parse empty argument when nothing in between the separator

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation
   methods like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA:

      zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2021-3904=1

Package List:

   - SUSE Manager Debian 9.0-CLIENT-TOOLS-BETA (all):

      salt-common-3000+ds-1+2.18.1
      salt-minion-3000+ds-1+2.18.1
      scap-security-guide-debian-0.1.58-2.6.1
      spacecmd-4.3.4-2.18.1

References:

   https://www.suse.com/security/cve/CVE-2021-21996.html
   https://bugzilla.suse.com/1164192
   https://bugzilla.suse.com/1167586
   https://bugzilla.suse.com/1168327
   https://bugzilla.suse.com/1173692
   https://bugzilla.suse.com/1180650
   https://bugzilla.suse.com/1181223
   https://bugzilla.suse.com/1184659
   https://bugzilla.suse.com/1185131
   https://bugzilla.suse.com/1186287
   https://bugzilla.suse.com/1186310
   https://bugzilla.suse.com/1186581
   https://bugzilla.suse.com/1186674
   https://bugzilla.suse.com/1187787
   https://bugzilla.suse.com/1187813
   https://bugzilla.suse.com/1188042
   https://bugzilla.suse.com/1188170
   https://bugzilla.suse.com/1188641
   https://bugzilla.suse.com/1188647
   https://bugzilla.suse.com/1188977
   https://bugzilla.suse.com/1189040
   https://bugzilla.suse.com/1189043
   https://bugzilla.suse.com/1190114
   https://bugzilla.suse.com/1190265
   https://bugzilla.suse.com/1190446
   https://bugzilla.suse.com/1190512
   https://bugzilla.suse.com/1191412
   https://bugzilla.suse.com/1191431

SUSE Manager Client Tools have been upgraded to address a vulnerability and come with various enhancements, totaling 26 corrections overall.

LinuxSecurity.com Team