Security update for saphanabootstrap-formula
Announcement ID: | SUSE-SU-2023:0011-1 |
---|---|
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves one vulnerability and has one security fix can now be installed.
Description:
This update for saphanabootstrap-formula fixes the following issues:
- Version bump 0.13.1
- revert changes to spec file to re-enable SLES RPM builds
-
CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)
-
Version bump 0.13.0
- pass sid to sudoers in a SLES12 compatible way
-
add location constraint to gcp_stonith
-
Version bump 0.12.1
-
moved templates dir into hana dir in repository to be gitfs compatible
-
Version bump 0.12.0
-
add SAPHanaSR takeover blocker
-
Version bump 0.11.0
- use check_cmd instead of tmp sudoers file
- make sudoers rules more secure
-
migrate sudoers to template file
-
Version bump 0.10.1
- fix hook removal conditions
-
fix majority_maker code on case grain is empty
-
Version bump 0.10.0
- allow to disable shared HANA basepath and rework add_hosts code (enables HANA scale-out on AWS)
-
do not edit global.ini directly (if not needed)
-
Version bump 0.9.1
-
fix majority_maker code on case grain is empty
-
Version bump 0.9.0
-
define vip_mechanism for every provider and reorder resources (same schema for all SAP related formulas)
-
Version bump 0.8.1
-
use multi-target Hook on HANA scale-out
-
Version bump 0.8.0
- add HANA scale-out support
-
add idempotence to not affect a running HANA and cluster
-
Version bump 0.7.2
-
add native fencing for microsoft-azure
-
fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703
- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory
- fixes execution order of srTakeover/srCostOptMemConfig hook
-
renames and updates hook srTakeover to srCostOptMemConfig
-
Changing exporter stickiness to => 0 and adjusting the colocation score from +inf to -inf and changing the colocation from Master to Slave. This change fix the impact of a failed exporter in regards to the HANA DB.
-
Document extra_parameters in pillar.example (bsc#1185643)
-
Change hanadb_exporter default timeout value to 30 seconds
-
Set correct stickiness for the azure-lb resource The azure-lb resource receives an stickiness=0 to not influence on transitions calculations as the HANA resources have more priority
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4
zypper in -t patch SUSE-SLE-SAP-12-SP4-2023-11=1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5
zypper in -t patch SUSE-SLE-SAP-12-SP5-2023-11=1
Package List:
-
SUSE Linux Enterprise Server for SAP Applications 12 SP4 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1
-
SUSE Linux Enterprise Server for SAP Applications 12 SP5 (noarch)
- saphanabootstrap-formula-0.13.1+git.1667812208.4db963e-4.18.1