Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2022:3178-1
HistorySep 08, 2022 - 12:00 a.m.

Important for SUSE Manager Client Tools (important)

2022-09-0800:00:00
lists.opensuse.org
32
suse manager client tools
vulnerabilities
features
fixes
update
ansible
dracut-saltboot
exporter_exporter
mgr-daemon
mgr-virtualization
prometheus-blackbox_exporter
python-hwdata
spacecmd
spacewalk-client-tools
uyuni-common-libs
uyuni-proxy-systemd-services
zypp-plugin-spacewalk
security update
installation methods
yast online_update
zypper patch
opensuse leap 15.4
opensuse leap 15.3
suse manager tools 15
suse linux enterprise server for sap 15
suse linux enterprise server 15-ltss
suse linux enterprise module for suse manager server 4.3
suse linux enterprise module for suse manager server 4.2
suse linux enterprise module for suse manager server 4.1
suse linux enterprise module for suse manager proxy 4.3

EPSS

0.003

Percentile

70.7%

JSON

An update that solves 7 vulnerabilities, contains three
features and has 10 fixes is now available.

Description:

This update fixes the following issues:

ansible:

  • Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
    • CVE-2021-3620 ansible-connection module discloses sensitive info in
      traceback error message (in 2.9.27) (bsc#1187725)
    • CVE-2021-3583 Template Injection through yaml multi-line strings with
      ansible facts used in template. (in 2.9.23) (bsc#1188061)
    • ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15)
      (bsc#1176460)
  • Update to 2.9.22:
    • CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
    • CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
    • CVE-2021-20191 (bsc#1181119) multiple collections exposes secured
      values
    • CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes
      sensitive values
    • CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

  • Require e2fsprogs (bsc#1202614)
  • Update to version 0.1.1657643023.0d694ce
    • Update dracut-saltboot dependencies (bsc#1200970)
    • Fix network loading when ipappend is used in pxe config
    • Add new information messages

golang-github-QubitProducts-exporter_exporter:

  • Remove license file from %doc

mgr-daemon:

  • Version 4.3.5-1
    • Update translation strings

mgr-virtualization:

  • Version 4.3.6-1
    • Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

  • Exclude s390 arch

python-hwdata:

  • Declare the LICENSE file as license and not doc

spacecmd:

  • Version 4.3.14-1
    • Fix missing argument on system_listmigrationtargets (bsc#1201003)
    • Show correct help on calling kickstart_importjson with no arguments
    • Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
    • Change proxy container config default filename to end with tar.gz
    • Update translation strings

spacewalk-client-tools:

  • Version 4.3.11-1
    • Update translation strings

uyuni-common-libs:

  • Version 4.3.5-1
    • Fix reposync issue about ‘rpm.hdr’ object has no attribute ‘get’

uyuni-proxy-systemd-services:

  • Version 4.3.6-1
    • Expose port 80 (bsc#1200142)
    • Use volumes rather than bind mounts
    • TFTPD to listen on udp port (bsc#1200968)
    • Add TAG variable in configuration
    • Fix containers namespaces in configuration

zypp-plugin-spacewalk:

  • 1.0.13
    • Log in before listing channels. (bsc#1197963, bsc#1193585)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.4:

    zypper in -t patch openSUSE-SLE-15.4-2022-3178=1

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2022-3178=1

  • SUSE Manager Tools 15:

    zypper in -t patch SUSE-SLE-Manager-Tools-15-2022-3178=1

  • SUSE Linux Enterprise Server for SAP 15:

    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-3178=1

  • SUSE Linux Enterprise Server 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Server 4.3:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.3-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Server 4.2:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.2-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Server 4.1:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.3:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.3-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.2:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.2-2022-3178=1

  • SUSE Linux Enterprise Module for SUSE Manager Proxy 4.1:

    zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Proxy-4.1-2022-3178=1

  • SUSE Linux Enterprise High Performance Computing 15-LTSS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1

  • SUSE Linux Enterprise High Performance Computing 15-ESPOS:

    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-3178=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.4aarch64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.4ppc64le< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.4s390x< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.4x86_64< - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.4noarch< - openSUSE Leap 15.4 (noarch):- openSUSE Leap 15.4 (noarch):.noarch.rpm
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm
Rows per page:
1-10 of 451

Related

nessus 27
openvas 19
fedora 10
redhat 22
mageia 4
archlinux 2
amazon 1
osv 20
rosalinux 1
debian 2
photon 1
github 6
cve 7
veracode 6
ubuntucve 7
cbl_mariner 7
ubuntu 1
redhatcve 7
prion 7
cvelist 7
debiancve 7
nvd 7
ibm 8
alpinelinux 1
freebsd 2
suse 1
nessus
nessus
SUSE SLES15 : Important security update for SUSE Manager Client Tools (SUSE-SU-2022:3178-1)
2022-09-09 00:00:00
RHEL 7 / 8 : Ansible security update (2.9.18) (Moderate) (RHSA-2021:0663)
2021-02-24 00:00:00
RHEL 8 : RHV Engine and Host Common Packages security update [ovirt-4.4.6] (Moderate) (RHSA-2021:2180)
2021-06-01 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:3178-1)
2022-09-09 00:00:00
openSUSE: Security Advisory for Important (SUSE-SU-2022:3178-1)
2022-09-09 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2021-9a0903469c)
2021-03-02 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: ansible-2.9.18-1.fc32
2021-03-01 17:06:17
[SECURITY] Fedora 33 Update: ansible-2.9.18-1.fc33
2021-03-01 17:02:27
[SECURITY] Fedora 33 Update: ansible-2.9.23-1.fc33
2021-07-02 01:21:14
redhat
redhat
(RHSA-2021:2180) Moderate: RHV Engine and Host Common Packages security update [ovirt-4.4.6]
2021-06-01 11:44:42
(RHSA-2021:0664) Moderate: Ansible security and bug fix update (2.9.18)
2021-02-24 17:27:09
(RHSA-2021:0663) Moderate: Ansible security and bug fix update (2.9.18)
2021-02-24 17:26:48
mageia
mageia
Updated ansible packages fix security vulnerability
2021-03-12 04:25:47
Updated ansible packages fix security vulnerability
2021-03-12 04:25:47
Updated ansible packages fix security vulnerability
2021-09-23 07:49:29
archlinux
archlinux
[ASA-202102-9] ansible: information disclosure
2021-02-06 00:00:00
[ASA-202102-30] ansible-base: information disclosure
2021-02-20 00:00:00
amazon
amazon
Medium: ansible
2021-03-18 01:13:00
osv
osv
ansible - security update
2023-12-28 00:00:00
ansible vulnerabilities
2022-06-07 14:43:08
Insertion of Sensitive Information into Log File in ansible
2022-03-17 00:00:44
rosalinux
rosalinux
Advisory ROSA-SA-2024-2334
2024-01-30 08:40:29
debian
debian
[SECURITY] [DLA 3695-1] ansible security update
2023-12-28 17:44:01
[SECURITY] [DSA 4950-1] ansible security update
2021-08-07 09:26:39
photon
photon
Critical Photon OS Security Update - PHSA-2022-0528
2022-10-18 00:00:00
github
github
Ansible Exposes Sensitive Information
2022-05-25 19:22:34
Insertion of Sensitive Information into Log File in ansible
2022-03-17 00:00:44
Insertion of Sensitive Information into Log File in ansible
2021-06-01 21:38:33
cve
cve
CVE-2021-20228
2021-04-29 16:15:09
CVE-2021-20178
2021-05-26 12:15:18
CVE-2021-20180
2022-03-16 15:15:09
veracode
veracode
Information Disclosure
2021-02-25 06:28:44
Information Disclosure
2021-02-11 04:45:04
Information Disclosure
2021-02-25 06:28:49
ubuntucve
ubuntucve
CVE-2021-20228
2021-04-29 00:00:00
CVE-2021-20191
2021-05-26 00:00:00
CVE-2021-20180
2022-03-16 00:00:00
cbl_mariner
cbl_mariner
CVE-2021-20228 affecting package ansible 2.9.18-1
2021-10-22 04:51:42
CVE-2021-20178 affecting package ansible 2.9.12-1
2021-07-08 21:56:43
CVE-2021-20191 affecting package ansible 2.9.12-1
2021-07-08 21:56:43
ubuntu
ubuntu
Ansible vulnerabilities
2022-06-07 00:00:00
redhatcve
redhatcve
CVE-2021-20178
2021-01-11 18:15:53
CVE-2021-20191
2021-01-15 16:17:48
CVE-2021-20228
2021-02-04 15:22:16
prion
prion
Design/Logic Flaw
2021-05-26 21:15:00
Design/Logic Flaw
2021-04-29 16:15:00
Security feature bypass
2021-05-26 12:15:00
cvelist
cvelist
CVE-2021-20191
2021-05-26 00:00:00
CVE-2021-20228
2021-04-29 15:34:08
CVE-2021-20180
2022-03-16 14:12:30
debiancve
debiancve
CVE-2021-20191
2021-05-26 21:15:08
CVE-2021-20228
2021-04-29 16:15:09
CVE-2021-20180
2022-03-16 15:15:09
nvd
nvd
CVE-2021-20228
2021-04-29 16:15:09
CVE-2021-20191
2021-05-26 21:15:08
CVE-2021-20180
2022-03-16 15:15:09
ibm
ibm
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-20228)
2021-05-24 12:08:29
Security Bulletin: Ansible vulnerability affects IBM Elastic Storage System (CVE-2021-3583)
2022-02-28 11:18:57
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to injection attacks in Ansible (CVE-2021-3583).
2023-01-12 21:59:00
alpinelinux
alpinelinux
CVE-2021-20191
2021-05-26 21:15:08
freebsd
freebsd
Ansible -- Templating engine bug
2021-06-10 00:00:00
Ansible -- Ansible user credentials disclosure in ansible-connection module
2021-06-25 00:00:00
suse
suse
Security update for ansible (important)
2022-03-16 00:00:00

EPSS

0.003

Percentile

70.7%

JSON
Related for SUSE-SU-2022:3178-1
nessus27openvas19fedora10redhat22mageia4archlinux2amazon1osv20rosalinux1debian2photon1github6cve7veracode6ubuntucve7cbl_mariner7ubuntu1redhatcve7prion7cvelist7debiancve7nvd7ibm8alpinelinux1freebsd2suse1