SUSE-SU-2020:3250-1

Source
https://www.suse.com/support/update/announcement/2020/suse-su-20203250-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:3250-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2020:3250-1
Related
Published
2020-11-06T16:03:24Z
Modified
2020-11-06T16:03:24Z
Summary
Security update for SUSE Manager 4.0
Details

This security update for SUSE Manager 4.0 provides the following fixes:

py26-compat-salt:

  • Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

spacewalk-java:

  • Use correct eauth module and credentials for Salt SSH calls. (bsc#1178319, CVE-2020-25592)
References

Affected packages

SUSE:Manager Server Module 4.0 / py26-compat-salt

Package

Name
py26-compat-salt
Purl
pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2016.11.10-10.17.1

Ecosystem specific

{
    "binaries": [
        {
            "spacewalk-taskomatic": "4.0.39-3.45.1",
            "py26-compat-salt": "2016.11.10-10.17.1",
            "spacewalk-java-postgresql": "4.0.39-3.45.1",
            "spacewalk-java-config": "4.0.39-3.45.1",
            "spacewalk-java-lib": "4.0.39-3.45.1",
            "spacewalk-java": "4.0.39-3.45.1"
        }
    ]
}

SUSE:Manager Server Module 4.0 / spacewalk-java

Package

Name
spacewalk-java
Purl
pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.0.39-3.45.1

Ecosystem specific

{
    "binaries": [
        {
            "spacewalk-taskomatic": "4.0.39-3.45.1",
            "py26-compat-salt": "2016.11.10-10.17.1",
            "spacewalk-java-postgresql": "4.0.39-3.45.1",
            "spacewalk-java-config": "4.0.39-3.45.1",
            "spacewalk-java-lib": "4.0.39-3.45.1",
            "spacewalk-java": "4.0.39-3.45.1"
        }
    ]
}