Security update for SUSE Manager Client Tools
| Announcement ID: | SUSE-SU-2021:3549-1 |
|---|---|
| Rating: | moderate |
| References: | |
| Cross-References: | |
| CVSS scores: |
|
| Affected Products: |
|
An update that solves one vulnerability, contains one feature and has three security fixes can now be installed.
Description:
This update fixes the following issues:
salt:
- Support querying for JSON data in external sql pillar
- Exclude the full path of a download URL to prevent injection of malicious code (bsc#1190265, CVE-2021-21996)
- Fix wrong relative paths resolution with Jinja renderer when importing subdirectories
scap-security-guide:
- Updated to 0.1.57 release (jsc#ECO-3319)
- CIS profile for RHEL 7 is updated
- initial CIS profiles for Ubuntu 20.04
- Major improvement of RHEL 9 content
- new release process implemented using Github actions
spacecmd:
- Version 4.2.13-1
- Update translation strings
- configchannel_updatefile handles directory properly (bsc#1190512)
- Add schedule_archivecompleted to mass archive actions (bsc#1181223)
- Remove whoami from the list of unauthenticated commands (bsc#1188977)
Special Instructions and Notes:
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Manager Client Tools for Debian 10
zypper in -t patch SUSE-Debian-10-CLIENT-TOOLS-x86_64-2021-3549=1
Package List:
-
SUSE Manager Client Tools for Debian 10 (all)
- spacecmd-4.2.13-2.18.1
- scap-security-guide-debian-0.1.57-2.9.1
- salt-common-3002.2+ds-1+2.36.1
- salt-minion-3002.2+ds-1+2.36.1