SUSE-SU-2021:0782-1

See a problem?
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:0782-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2021:0782-1
Related
Published
2021-03-12T16:43:48Z
Modified
2021-03-12T16:43:48Z
Summary
Security update for crmsh
Details

This update for crmsh fixes the following issues:

  • Update to version 4.3.0+20210219.5d1bf034:
    • Fix: hbreport: walk through hbreport process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
    • Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)
    • Dev: analyze: Add analyze sublevel and put preflightcheck in it(jsc#ECO-1658)
    • Dev: utils: change default file mod as 644 for str2file function
    • Dev: hbreport: Detect if any ocfs2 partitions exist
    • Dev: lock: give more specific error message when raise ClaimLockError
    • Fix: Replace mktemp() to mkstemp() for security
    • Fix: Remove the duplicate --cov-report html in tox.
    • Fix: fix some lint issues.
    • Fix: Replace utils.msginfo to task.info
    • Fix: Solve a circular import error of utils.py
    • Fix: hbreport: run lsof with specific ocfs2 device(bsc#1180688)
    • Dev: corosync: change the permission of corosync.conf to 644
    • Fix: preflightcheck: task: raise error when reportpath isn't a directory
    • Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869)
    • Dev: Polish the sbd feature.
    • Dev: Replace -f with -c and run check when no parameter provide.
    • Fix: Fix the yes option not working
    • Fix: Remove useless import and show help when no input.
    • Dev: Correct SBD device id inconsistenc during ASR
    • Fix: completers: return complete start/stop resource id list correctly(bsc#1180137)
    • Dev: Makefile.am: change makefile to integrate preflightcheck
    • Medium: integrate preflightcheck into crmsh(jsc#ECO-1658)
    • Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454)
References

Affected packages

SUSE:Linux Enterprise High Availability Extension 15 SP1 / crmsh

Package

Name
crmsh
Purl
purl:rpm/suse/crmsh&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.3.0+20210219.5d1bf034-3.57.3

Ecosystem specific

{
    "binaries": [
        {
            "crmsh-scripts": "4.3.0+20210219.5d1bf034-3.57.3",
            "crmsh": "4.3.0+20210219.5d1bf034-3.57.3"
        }
    ]
}