Security update for saphanabootstrap-formula
| Announcement ID: | SUSE-SU-2023:0009-1 |
|---|---|
| Rating: | important |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability and has one security fix can now be installed.
Description:
This update for saphanabootstrap-formula fixes the following issues:
- Version bump 0.13.1
- revert changes to spec file to re-enable SLES RPM builds
-
CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
-
Version bump 0.13.0
- pass sid to sudoers in a SLES12 compatible way
-
add location constraint to gcp_stonith
-
Version bump 0.12.1
-
moved templates dir into hana dir in repository to be gitfs compatible
-
Version bump 0.12.0
-
add SAPHanaSR takeover blocker
-
Version bump 0.11.0
- use check_cmd instead of tmp sudoers file
- make sudoers rules more secure
-
migrate sudoers to template file
-
Version bump 0.10.1
- fix hook removal conditions
-
fix majority_maker code on case grain is empty
-
Version bump 0.10.0
- allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
-
do not edit global.ini directly (if not needed)
-
Version bump 0.9.1
-
fix majority_maker code on case grain is empty
-
Version bump 0.9.0
-
define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)
-
Version bump 0.8.1
-
use multi-target Hook on HANA scale-out
-
Version bump 0.8.0
- add HANA scale-out support
-
add idempotence to not affect a running HANA and cluster
-
Version bump 0.7.2
-
add native fencing for microsoft-azure
-
fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
-
renames and updates hook srTakeover to srCostOptMemConfig
-
Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB.
-
Document extra_parameters in pillar.example (bsc#1185643)
-
Change hanadb_exporter default timeout value to 30 seconds
-
Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
openSUSE Leap 15.4
zypper in -t patch openSUSE-SLE-15.4-2023-9=1 -
SAP Applications Module 15-SP2
zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP2-2023-9=1 -
SAP Applications Module 15-SP3
zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP3-2023-9=1 -
SAP Applications Module 15-SP4
zypper in -t patch SUSE-SLE-Module-SAP-Applications-15-SP4-2023-9=1 -
SUSE Manager Server 4.2 Module 4.2
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2023-9=1 -
SUSE Manager Server 4.3 Module 4.3
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2023-9=1
Package List:
-
openSUSE Leap 15.4 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1
-
SAP Applications Module 15-SP2 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1
-
SAP Applications Module 15-SP3 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1
-
SAP Applications Module 15-SP4 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1
-
SUSE Manager Server 4.2 Module 4.2 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1
-
SUSE Manager Server 4.3 Module 4.3 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-150200.3.15.1