openSUSE-SU-2021:1162-1: moderate: Security update for SUSE Manager Client Tools
openSUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: openSUSE-SU-2021:1162-1
Rating: moderate
References: #1175478 #1186242 #1186508 #1186581 #1186650
#1188846 SLE-18254
Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147
CVE-2021-28148 CVE-2021-29622
CVSS scores:
CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:
openSUSE Leap 15.2
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains one
feature and has one errata is now available.
Description:
This update fixes the following issues:
ansible:
- The support level for ansible is l2, not l3
dracut-saltboot:
- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot
golang-github-prometheus-prometheus:
- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint
(CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654
#8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is
closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update
with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control
the max chunks file size of the blocks for small Prometheus
instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and
disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478) Left
out removal of 'firewalld' related configuration files as SUSE Linux
Enterprise 15-SP1's `firewalld` package does not contain 'prometheus'
configuration yet.
mgr-cfg:
- No visible impact for the user
mgr-custom-info:
- No visible impact for the user
mgr-osad:
- No visible impact for the user
mgr-push:
- No visible impact for the user
mgr-virtualization:
- No visible impact for the user
rhnlib:
- No visible impact for the user
spacecmd:
- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions
(bsc#1186581)
- Parse empty argument when nothing in between the separator
spacewalk-client-tools:
- Update translation strings
spacewalk-koan:
- Fix for spacewalk-koan tests after switching to the new Docker images
spacewalk-oscap:
- No visible impact for the user
suseRegisterInfo:
- No visible impact for the user
uyuni-common-libs:
- Handle broken RPM packages to prevent exceptions causing fails on
repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)
This update was imported from the SUSE:SLE-15:Update update project.
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Leap 15.2:
zypper in -t patch openSUSE-2021-1162=1
Package List:
- openSUSE Leap 15.2 (x86_64):
golang-github-prometheus-prometheus-2.27.1-lp152.3.13.1
- openSUSE Leap 15.2 (noarch):
ansible-2.9.21-lp152.2.7.1
ansible-doc-2.9.21-lp152.2.7.1
ansible-test-2.9.21-lp152.2.7.1
dracut-saltboot-0.1.1627546504.96a0b3e-lp152.2.26.1
References:
https://www.suse.com/security/cve/CVE-2021-27962.html
https://www.suse.com/security/cve/CVE-2021-28146.html
https://www.suse.com/security/cve/CVE-2021-28147.html
https://www.suse.com/security/cve/CVE-2021-28148.html
https://www.suse.com/security/cve/CVE-2021-29622.html
https://bugzilla.suse.com/1175478
https://bugzilla.suse.com/1186242
https://bugzilla.suse.com/1186508
https://bugzilla.suse.com/1186581
https://bugzilla.suse.com/1186650
https://bugzilla.suse.com/1188846
A SUSE Manager Client Tools security update has been released for openSUSE Leap 15.2.