A SUSE Manager Client Tools security update has been released for openSUSE Leap 15.3.

openSUSE-SU-2021:2675-1: moderate: Security update for SUSE Manager Client Tools

openSUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID: openSUSE-SU-2021:2675-1
Rating: moderate
References: #1175478 #1186242 #1186508 #1186581 #1186650
#1188846 SLE-18254
Cross-References: CVE-2021-27962 CVE-2021-28146 CVE-2021-28147
CVE-2021-28148 CVE-2021-29622
CVSS scores:
CVE-2021-27962 (NVD) : 7.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2021-27962 (SUSE): 6.8 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
CVE-2021-28148 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2021-29622 (NVD) : 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Affected Products:
openSUSE Leap 15.3
______________________________________________________________________________

An update that solves 5 vulnerabilities, contains one
feature and has one errata is now available.

Description:

This update fixes the following issues:

ansible:

- The support level for ansible is l2, not l3

dracut-saltboot:

- Force installation of libexpat.so.1 (bsc#1188846)
- Use kernel parameters from PXE formula also for local boot

golang-github-prometheus-prometheus:

- Provide and reload firewalld configuration only for:
+ openSUSE Leap 15.0, 15.1, 15.2
+ SUSE Linux Enterprise 15, 15 SP1, 15 SP2
- Upgrade to upstream version 2.27.1 (jsc#SLE-18254)
+ Bugfix:
* SECURITY: Fix arbitrary redirects under the /new endpoint
(CVE-2021-29622, bsc#1186242)
* UI: Provide errors instead of blank page on TSDB Status Page. #8654
#8659
* TSDB: Do not panic when writing very large records to the WAL. #8790
* TSDB: Avoid panic when mmaped memory is referenced after the file is
closed. #8723
* Scaleway Discovery: Fix nil pointer dereference. #8737
* Consul Discovery: Restart no longer required after config update
with no targets. #8766
+ Features:
* Promtool: Retroactive rule evaluation functionality.
* Configuration: Environment variable expansion for external labels.
Behind '--enable-feature=expand-external-labels' flag.
* Add a flag '--storage.tsdb.max-block-chunk-segment-size' to control
the max chunks file size of the blocks for small Prometheus
instances.
* UI: Add a dark theme.
* AWS Lightsail Discovery: Add AWS Lightsail Discovery.
* Docker Discovery: Add Docker Service Discovery.
* OAuth: Allow OAuth 2.0 to be used anywhere an HTTP client is used.
* Remote Write: Send exemplars via remote write. Experimental and
disabled by default.
+ Enhancements:
* Digital Ocean Discovery: Add '__meta_digitalocean_vpc' label.
* Scaleway Discovery: Read Scaleway secret from a file.
* Scrape: Add configurable limits for label size and count.
* UI: Add 16w and 26w time range steps.
* Templating: Enable parsing strings in humanize functions.
- Update package with changes from `server:monitoring` (bsc#1175478) Left
out removal of 'firewalld' related configuration files as SUSE Linux
Enterprise 15-SP1's `firewalld` package does not contain 'prometheus'
configuration yet.

mgr-cfg:

- No visible impact for the user

mgr-custom-info:

- No visible impact for the user

mgr-osad:

- No visible impact for the user

mgr-push:

- No visible impact for the user

mgr-virtualization:

- No visible impact for the user

rhnlib:

- No visible impact for the user

spacecmd:

- Make spacecmd aware of retracted patches/packages
- Enhance help for installation types when creating distributions
(bsc#1186581)
- Parse empty argument when nothing in between the separator

spacewalk-client-tools:

- Update translation strings

spacewalk-koan:

- Fix for spacewalk-koan tests after switching to the new Docker images

spacewalk-oscap:

- No visible impact for the user

suseRegisterInfo:

- No visible impact for the user

uyuni-common-libs:

- Handle broken RPM packages to prevent exceptions causing fails on
repository synchronization (bsc#1186650)
- Maintainer field in debian packages are only recommended (bsc#1186508)

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.3:

zypper in -t patch openSUSE-SLE-15.3-2021-2675=1


Package List:

- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

python2-uyuni-common-libs-4.2.5-1.15.1
python3-uyuni-common-libs-4.2.5-1.15.1

- openSUSE Leap 15.3 (noarch):

ansible-2.9.21-1.5.1
ansible-doc-2.9.21-1.5.1
ansible-test-2.9.21-1.5.1
dracut-saltboot-0.1.1627546504.96a0b3e-1.27.1
mgr-cfg-4.2.3-1.18.1
mgr-cfg-actions-4.2.3-1.18.1
mgr-cfg-client-4.2.3-1.18.1
mgr-cfg-management-4.2.3-1.18.1
mgr-custom-info-4.2.2-1.12.1
mgr-osa-dispatcher-4.2.6-1.30.1
mgr-osad-4.2.6-1.30.1
mgr-push-4.2.3-1.12.1
mgr-virtualization-host-4.2.2-1.20.1
python2-mgr-cfg-4.2.3-1.18.1
python2-mgr-cfg-actions-4.2.3-1.18.1
python2-mgr-cfg-client-4.2.3-1.18.1
python2-mgr-cfg-management-4.2.3-1.18.1
python2-mgr-osa-common-4.2.6-1.30.1
python2-mgr-osa-dispatcher-4.2.6-1.30.1
python2-mgr-osad-4.2.6-1.30.1
python2-mgr-push-4.2.3-1.12.1
python2-mgr-virtualization-common-4.2.2-1.20.1
python2-mgr-virtualization-host-4.2.2-1.20.1
python2-rhnlib-4.2.4-3.28.1
python2-spacewalk-check-4.2.12-3.44.1
python2-spacewalk-client-setup-4.2.12-3.44.1
python2-spacewalk-client-tools-4.2.12-3.44.1
python2-spacewalk-koan-4.2.4-3.21.1
python2-spacewalk-oscap-4.2.2-3.12.1
python2-suseRegisterInfo-4.2.4-3.15.1
python3-mgr-cfg-4.2.3-1.18.1
python3-mgr-cfg-actions-4.2.3-1.18.1
python3-mgr-cfg-client-4.2.3-1.18.1
python3-mgr-cfg-management-4.2.3-1.18.1
python3-mgr-osa-common-4.2.6-1.30.1
python3-mgr-osa-dispatcher-4.2.6-1.30.1
python3-mgr-osad-4.2.6-1.30.1
python3-mgr-push-4.2.3-1.12.1
python3-mgr-virtualization-common-4.2.2-1.20.1
python3-mgr-virtualization-host-4.2.2-1.20.1
python3-rhnlib-4.2.4-3.28.1
python3-spacewalk-check-4.2.12-3.44.1
python3-spacewalk-client-setup-4.2.12-3.44.1
python3-spacewalk-client-tools-4.2.12-3.44.1
python3-spacewalk-koan-4.2.4-3.21.1
python3-spacewalk-oscap-4.2.2-3.12.1
python3-suseRegisterInfo-4.2.4-3.15.1
spacecmd-4.2.11-3.62.1
spacewalk-check-4.2.12-3.44.1
spacewalk-client-setup-4.2.12-3.44.1
spacewalk-client-tools-4.2.12-3.44.1
spacewalk-koan-4.2.4-3.21.1
spacewalk-oscap-4.2.2-3.12.1
suseRegisterInfo-4.2.4-3.15.1

References:

  https://www.suse.com/security/cve/CVE-2021-27962.html
  https://www.suse.com/security/cve/CVE-2021-28146.html
  https://www.suse.com/security/cve/CVE-2021-28147.html
  https://www.suse.com/security/cve/CVE-2021-28148.html
  https://www.suse.com/security/cve/CVE-2021-29622.html
  https://bugzilla.suse.com/1175478
  https://bugzilla.suse.com/1186242
  https://bugzilla.suse.com/1186508
  https://bugzilla.suse.com/1186581
  https://bugzilla.suse.com/1186650
  https://bugzilla.suse.com/1188846