Important security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-2022:3178-1
Rating: important
CVSS scores:
  • CVE-2021-20178 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2021-20178 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-20180 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2021-20180 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-20191 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2021-20191 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-20228 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2021-20228 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3447 ( SUSE ): 5.0 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N
  • CVE-2021-3447 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  • CVE-2021-3583 ( SUSE ): 6.6 CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
  • CVE-2021-3583 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
  • CVE-2021-3620 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
  • CVE-2021-3620 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products:
  • openSUSE Leap 15.3
  • openSUSE Leap 15.4
  • openSUSE Leap 15.5
  • SUSE Linux Enterprise Desktop 15
  • SUSE Linux Enterprise Desktop 15 SP1
  • SUSE Linux Enterprise Desktop 15 SP2
  • SUSE Linux Enterprise Desktop 15 SP3
  • SUSE Linux Enterprise Desktop 15 SP4
  • SUSE Linux Enterprise Desktop 15 SP5
  • SUSE Linux Enterprise Desktop 15 SP6
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
  • SUSE Linux Enterprise High Performance Computing 15 SP1
  • SUSE Linux Enterprise High Performance Computing 15 SP2
  • SUSE Linux Enterprise High Performance Computing 15 SP3
  • SUSE Linux Enterprise High Performance Computing 15 SP4
  • SUSE Linux Enterprise High Performance Computing 15 SP5
  • SUSE Linux Enterprise High Performance Computing 15 SP6
  • SUSE Linux Enterprise Real Time 15 SP1
  • SUSE Linux Enterprise Real Time 15 SP2
  • SUSE Linux Enterprise Real Time 15 SP3
  • SUSE Linux Enterprise Real Time 15 SP4
  • SUSE Linux Enterprise Real Time 15 SP5
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server 15 LTSS 15
  • SUSE Linux Enterprise Server 15 SP1
  • SUSE Linux Enterprise Server 15 SP2
  • SUSE Linux Enterprise Server 15 SP3
  • SUSE Linux Enterprise Server 15 SP4
  • SUSE Linux Enterprise Server 15 SP5
  • SUSE Linux Enterprise Server 15 SP6
  • SUSE Linux Enterprise Server ESPOS 15
  • SUSE Linux Enterprise Server for SAP Applications 15
  • SUSE Linux Enterprise Server for SAP Applications 15 SP1
  • SUSE Linux Enterprise Server for SAP Applications 15 SP2
  • SUSE Linux Enterprise Server for SAP Applications 15 SP3
  • SUSE Linux Enterprise Server for SAP Applications 15 SP4
  • SUSE Linux Enterprise Server for SAP Applications 15 SP5
  • SUSE Linux Enterprise Server for SAP Applications 15 SP6
  • SUSE Manager Client Tools for SLE 15
  • SUSE Manager Proxy 4.1
  • SUSE Manager Proxy 4.1 Module 4.1
  • SUSE Manager Proxy 4.2
  • SUSE Manager Proxy 4.2 Module 4.2
  • SUSE Manager Proxy 4.3
  • SUSE Manager Proxy 4.3 Module 4.3
  • SUSE Manager Retail Branch Server 4.1
  • SUSE Manager Retail Branch Server 4.2
  • SUSE Manager Retail Branch Server 4.3
  • SUSE Manager Server 4.1
  • SUSE Manager Server 4.1 Module 4.1
  • SUSE Manager Server 4.2
  • SUSE Manager Server 4.2 Module 4.2
  • SUSE Manager Server 4.3
  • SUSE Manager Server 4.3 Module 4.3

An update that solves seven vulnerabilities, contains three features and has 10 security fixes can now be installed.

Description:

This update fixes the following issues:

ansible:

  • Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
  • CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
  • CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
  • ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
  • Update to 2.9.22:
  • CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
  • CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
  • CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values
  • CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
  • CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

  • Require e2fsprogs (bsc#1202614)
  • Update to version 0.1.1657643023.0d694ce
  • Update dracut-saltboot dependencies (bsc#1200970)
  • Fix network loading when ipappend is used in pxe config
  • Add new information messages

golang-github-QubitProducts-exporter_exporter:

  • Remove license file from %doc

mgr-daemon:

  • Version 4.3.5-1
  • Update translation strings

mgr-virtualization:

  • Version 4.3.6-1
  • Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

  • Exclude s390 arch

python-hwdata:

  • Declare the LICENSE file as license and not doc

spacecmd:

  • Version 4.3.14-1
  • Fix missing argument on system_listmigrationtargets (bsc#1201003)
  • Show correct help on calling kickstart_importjson with no arguments
  • Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
  • Change proxy container config default filename to end with tar.gz
  • Update translation strings

spacewalk-client-tools:

  • Version 4.3.11-1
  • Update translation strings

uyuni-common-libs:

  • Version 4.3.5-1
  • Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

  • Version 4.3.6-1
  • Expose port 80 (bsc#1200142)
  • Use volumes rather than bind mounts
  • TFTPD to listen on udp port (bsc#1200968)
  • Add TAG variable in configuration
  • Fix containers namespaces in configuration

zypp-plugin-spacewalk:

  • 1.0.13
  • Log in before listing channels. (bsc#1197963, bsc#1193585)

Patch Instructions:

To install this SUSE update, use the SUSE-recommended installation methods, such as YaST online_update or "zypper patch".
Alternatively, you can run the command listed for your product:

  • openSUSE Leap 15.4
    zypper in -t patch openSUSE-SLE-15.4-2022-3178=1
  • SUSE Manager Client Tools for SLE 15
    zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3178=1
  • SUSE Manager Proxy 4.1 Module 4.1
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3178=1
  • SUSE Manager Proxy 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3178=1
  • SUSE Manager Proxy 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3178=1
  • SUSE Manager Server 4.1 Module 4.1
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3178=1
  • SUSE Manager Server 4.2 Module 4.2
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3178=1
  • SUSE Manager Server 4.3 Module 4.3
    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3178=1
  • SUSE Linux Enterprise Server ESPOS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1
  • SUSE Linux Enterprise Server 15 LTSS 15
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3178=1
  • SUSE Linux Enterprise Server for SAP Applications 15
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3178=1

Package List:

  • openSUSE Leap 15.4 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
    • ansible-2.9.27-150000.1.14.1
    • dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
    • spacecmd-4.3.14-150000.3.83.1
    • ansible-doc-2.9.27-150000.1.14.1
    • ansible-test-2.9.27-150000.1.14.1
  • openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
    • wire-0.5.0-150000.1.6.1
    • prometheus-blackbox_exporter-0.19.0-150000.1.11.1
    • wire-debuginfo-0.5.0-150000.1.6.1
  • SUSE Manager Client Tools for SLE 15 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
    • python3-spacewalk-check-4.3.11-150000.3.65.1
    • ansible-2.9.27-150000.1.14.1
    • python3-spacewalk-client-setup-4.3.11-150000.3.65.1
    • python3-spacewalk-client-tools-4.3.11-150000.3.65.1
    • python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
    • spacewalk-client-tools-4.3.11-150000.3.65.1
    • uyuni-proxy-systemd-services-4.3.6-150000.1.6.1
    • dracut-saltboot-0.1.1657643023.0d694ce-150000.1.35.1
    • spacecmd-4.3.14-150000.3.83.1
    • spacewalk-check-4.3.11-150000.3.65.1
    • python3-mgr-virtualization-common-4.3.6-150000.1.32.1
    • mgr-daemon-4.3.5-150000.1.35.1
    • python3-mgr-virtualization-host-4.3.6-150000.1.32.1
    • spacewalk-client-setup-4.3.11-150000.3.65.1
    • ansible-doc-2.9.27-150000.1.14.1
    • mgr-virtualization-host-4.3.6-150000.1.32.1
    • zypp-plugin-spacewalk-1.0.13-150000.3.32.1
  • SUSE Manager Client Tools for SLE 15 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
    • prometheus-blackbox_exporter-0.19.0-150000.1.11.1
    • python3-uyuni-common-libs-4.3.5-150000.1.24.1
  • SUSE Manager Proxy 4.1 Module 4.1 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
    • zypp-plugin-spacewalk-1.0.13-150000.3.32.1
    • python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
  • SUSE Manager Proxy 4.2 Module 4.2 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
    • ansible-2.9.27-150000.1.14.1
    • python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
    • ansible-doc-2.9.27-150000.1.14.1
    • zypp-plugin-spacewalk-1.0.13-150000.3.32.1
  • SUSE Manager Proxy 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
    • prometheus-blackbox_exporter-0.19.0-150000.1.11.1
  • SUSE Manager Proxy 4.3 Module 4.3 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
    • ansible-2.9.27-150000.1.14.1
    • python3-zypp-plugin-spacewalk-1.0.13-150000.3.32.1
    • ansible-doc-2.9.27-150000.1.14.1
    • zypp-plugin-spacewalk-1.0.13-150000.3.32.1
  • SUSE Manager Proxy 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
    • prometheus-blackbox_exporter-0.19.0-150000.1.11.1
  • SUSE Manager Server 4.1 Module 4.1 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
  • SUSE Manager Server 4.2 Module 4.2 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
  • SUSE Manager Server 4.2 Module 4.2 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
  • SUSE Manager Server 4.3 Module 4.3 (aarch64 ppc64le s390x x86_64)
    • golang-github-QubitProducts-exporter_exporter-0.4.0-150000.1.15.1
  • SUSE Manager Server 4.3 Module 4.3 (noarch)
    • python3-hwdata-2.3.5-150000.3.9.1
  • SUSE Linux Enterprise Server ESPOS 15 (aarch64 x86_64)
    • golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
  • SUSE Linux Enterprise High Performance Computing 15 LTSS 15 (aarch64 x86_64)
    • golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
  • SUSE Linux Enterprise Server 15 LTSS 15 (aarch64 ppc64le s390x x86_64)
    • golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
  • SUSE Linux Enterprise Server for SAP Applications 15 (ppc64le x86_64)
    • golang-github-prometheus-node_exporter-1.3.0-150000.3.15.1
