Security Beta update for SUSE Manager Client Tools
| Announcement ID: | SUSE-SU-2021:3904-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: | |
| Affected Products: | |

An update that solves one vulnerability, contains one feature and has 26 security fixes can now be installed.
Description:
This update fixes the following issues:
salt:
- Remove wrong _parse_cpe_name from grains.core
- Prevent tracebacks if directory for cookie is missing
- Fix file.find tracebacks with non utf8 file names (bsc#1190114)
- Fix ip6_interface grain to not leak secondary IPv4 aliases (bsc#1191412)
- Do not consider skipped targets as failed for ansible.playbooks state (bsc#1190446)
- Fix traceback.*_exc() calls
- Fix the regression of docker_container state module
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265) (CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
- Fix python-MarkupSafe dependency (bsc#1189043)
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing
- Add standalone formulas configuration for salt minion and remove salt-master requirement (bsc#1168327)
- Do noop for services states when running systemd in offline mode (bsc#1187787)
- Transactional_updates: do not execute states in parallel but use a queue (bsc#1188170)
- Handle "master tops" data when states are applied by "transactional_update" (bsc#1187787)
- Enhance openscap module: add "xccdf_eval" call
- Virt: pass emulator when getting domain capabilities from libvirt
- Implementation of held/unheld functions for state pkg (bsc#1187813)
- Fix exception in yumpkg.remove for not installed package
- Fix save for iptables state module (bsc#1185131)
- Virt: use /dev/kvm to detect KVM
- Zypperpkg: improve logic for handling vendorchange flags
- Add bundled provides for tornado to the spec file
- Enhance logging when inotify beacon is missing pyinotify (bsc#1186310)
- Add "python3-pyinotify" as a recommended package for Salt in SUSE/openSUSE distros
- Check if dpkgnotify is executable (bsc#1186674)
- Detect Python version to use inside container (bsc#1167586) (bsc#1164192)
- Handle volumes on stopped pools in virt.vm_info (bsc#1186287)
- Grains.extra: support old non-intel kernels (bsc#1180650)
- Fix missing minion returns in batch mode (bsc#1184659)
- Parsing Epoch out of version provided during pkg remove (bsc#1173692)
scap-security-guide:
- Fix SLE-12 build issue caused by '\xb0' character (bsc#1191431).
- Updated to 0.1.58 release (jsc#ECO-3319)
- Support for Script Checking Engine (SCE)
- Split RHEL 8 CIS profile using new controls file format
- CIS Profiles for SLE12
- Initial Ubuntu 20.04 STIG Profiles
- Addition of an automated CCE adder
- Updated to 0.1.57 release (jsc#ECO-3319)
- CIS profile for RHEL 7 is updated
- initial CIS profiles for Ubuntu 20.04
- Major improvement of RHEL 9 content
- new release process implemented using GitHub Actions
- Specify the maintainer for deb packages.
- Updated to 0.1.56 release (jsc#ECO-3319)
- Align ism_o profile with latest ISM SSP (#6878)
- Align RHEL 7 STIG profile with DISA STIG V3R3
- Creating new RHEL 7 STIG GUI profile (#6863)
- Creating new RHEL 8 STIG GUI profile (#6862)
- Add the RHEL9 product (#6801)
- Initial support for SUSE SLE-15 (#6666)
- add support for osbuild blueprint remediations (#6970)
- Updated to an intermediate Git snapshot of 20210323 (jsc#ECO-3319)
- initial SLES15 STIG added
- more SLES 12 STIG work
- correct tables and cross references for SLES 12 and 15 STIG
- Updated to 0.1.55 release (jsc#ECO-3319)
- big update of rules used in SLES-12 STIG profile
- Render policy to HTML (#6532)
- Add variable support to yamlfile_value template (#6563)
- Introduce new template for dconf configuration files (#6118)
- Avoid some macros that are not available on SLES 12 SP2.
spacecmd:
- Version 4.3.4-1
- Update translation strings
- Version 4.3.3-1
- Improved event history listing and added new system_eventdetails command to retrieve the details of an event
- configchannel_updatefile handles directory properly (bsc#1190512)
- Version 4.3.2-1
- Add schedule_archivecompleted to mass archive actions (bsc#1181223)
- Make schedule_deletearchived to get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
- Remove whoami from the list of unauthenticated commands (bsc#1188977)
- Version 4.3.1-1
- Use correct API endpoint in list_proxies (bsc#1188042)
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)
- Make spacecmd aware of retracted patches/packages
- Version 4.2.10-1
- Enhance help for installation types when creating distributions (bsc#1186581)
- Version 4.2.9-1
- Parse empty argument when nothing in between the separator
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Client Tools Beta for Debian 9:
  zypper in -t patch SUSE-Debian-9.0-CLIENT-TOOLS-BETA-2021-3904=1
Package List:
- SUSE Manager Client Tools Beta for Debian 9 (all)
  - salt-minion-3000+ds-1+2.18.1
  - spacecmd-4.3.4-2.18.1
  - scap-security-guide-debian-0.1.58-2.6.1
  - salt-common-3000+ds-1+2.18.1
References:
- https://www.suse.com/security/cve/CVE-2021-21996.html
- https://bugzilla.suse.com/show_bug.cgi?id=1164192
- https://bugzilla.suse.com/show_bug.cgi?id=1167586
- https://bugzilla.suse.com/show_bug.cgi?id=1168327
- https://bugzilla.suse.com/show_bug.cgi?id=1173692
- https://bugzilla.suse.com/show_bug.cgi?id=1180650
- https://bugzilla.suse.com/show_bug.cgi?id=1181223
- https://bugzilla.suse.com/show_bug.cgi?id=1184659
- https://bugzilla.suse.com/show_bug.cgi?id=1185131
- https://bugzilla.suse.com/show_bug.cgi?id=1186287
- https://bugzilla.suse.com/show_bug.cgi?id=1186310
- https://bugzilla.suse.com/show_bug.cgi?id=1186581
- https://bugzilla.suse.com/show_bug.cgi?id=1186674
- https://bugzilla.suse.com/show_bug.cgi?id=1187787
- https://bugzilla.suse.com/show_bug.cgi?id=1187813
- https://bugzilla.suse.com/show_bug.cgi?id=1188042
- https://bugzilla.suse.com/show_bug.cgi?id=1188170
- https://bugzilla.suse.com/show_bug.cgi?id=1188641
- https://bugzilla.suse.com/show_bug.cgi?id=1188647
- https://bugzilla.suse.com/show_bug.cgi?id=1188977
- https://bugzilla.suse.com/show_bug.cgi?id=1189040
- https://bugzilla.suse.com/show_bug.cgi?id=1189043
- https://bugzilla.suse.com/show_bug.cgi?id=1190114
- https://bugzilla.suse.com/show_bug.cgi?id=1190265
- https://bugzilla.suse.com/show_bug.cgi?id=1190446
- https://bugzilla.suse.com/show_bug.cgi?id=1190512
- https://bugzilla.suse.com/show_bug.cgi?id=1191412
- https://bugzilla.suse.com/show_bug.cgi?id=1191431
- https://jira.suse.com/browse/ECO-3319