SUSE-SU-2020:3251-1

Details

This security update for SUSE Manager 3.2 fixes the following issues:

py26-compat-salt:

Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

spacewalk-java:

Use correct eauth module and credentials for Salt SSH calls (bsc#1178319, CVE-2020-25592)

Affected Packages

py26-compat-salt

SUSE Manager Server 3.2

Fixed in:

2016.11.10-6.41.1

spacewalk-java

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

spacewalk-java-config

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

spacewalk-java-lib

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

spacewalk-java-oracle

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

spacewalk-java-postgresql

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

spacewalk-taskomatic

SUSE Manager Server 3.2

Fixed in:

2.8.78.31-3.56.1

References

REPORT

https://bugzilla.suse.com/1178319

REPORT

https://bugzilla.suse.com/1178361

REPORT

https://bugzilla.suse.com/1178362

WEB

https://www.suse.com/security/cve/CVE-2020-16846

WEB

https://www.suse.com/security/cve/CVE-2020-17490

WEB

https://www.suse.com/security/cve/CVE-2020-25592

ADVISORY

https://www.suse.com/support/update/announcement/2020/suse-su-20203251-1/