Security update for SUSE Manager Client Tools

Announcement ID:	SUSE-SU-2020:14564-1
Rating:	moderate
References:	bsc#1102248 bsc#1178485
Cross-References:	CVE-2020-25592
CVSS scores:	CVE-2020-25592 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2020-25592 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Products:	SUSE Manager Client Tools for Ubuntu 16.04 1604

An update that solves one vulnerability and has one security fix can now be installed.

Description:

This update fixes the following issues:

salt:

• Fix syntax error on pkgrepo state with Python 2.7
• Transactional_update: unify with chroot.call
• Add "migrated" state and GPG key management functions
• Master can read grains
• Fix for broken psutil (bsc#1102248)
• Fix novendorchange handling in zypperpkg module
• Avoid regression on "salt-master": set passphrase for salt-ssh keys to empty string (bsc#1178485)

spacecmd:

• Fix: make spacecmd build on Debian

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Client Tools for Ubuntu 16.04 1604
  zypper in -t patch suse-ubu164ct-client-tools-202011-14564=1

Package List:

• SUSE Manager Client Tools for Ubuntu 16.04 1604 (all)
  • spacecmd-4.1.9-17.1
  • salt-minion-3000+ds-1+61.1
  • salt-common-3000+ds-1+61.1

References:

• https://www.suse.com/security/cve/CVE-2020-25592.html
• https://bugzilla.suse.com/show_bug.cgi?id=1102248
• https://bugzilla.suse.com/show_bug.cgi?id=1178485