Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2021-40323 (GCVE-0-2021-40323)
Vulnerability from cvelistv5 – Published: 2021-10-04 05:37 – Updated: 2024-08-04 02:27
VLAI
EPSS
Summary
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://github.com/cobbler/cobbler/commit/d8f60bb… | x_refsource_MISC |
| https://github.com/cobbler/cobbler/releases/tag/v3.3.0 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:27:31.884Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-10-04T05:46:37.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-40323",
"datePublished": "2021-10-04T05:37:50.000Z",
"dateReserved": "2021-08-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T02:27:31.884Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-40323",
"date": "2026-05-29",
"epss": "0.93171",
"percentile": "0.99804"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.3.0\", \"matchCriteriaId\": \"9C8C2AC2-1199-4261-BA13-47515F80F826\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.\"}, {\"lang\": \"es\", \"value\": \"Cobbler versiones anteriores a 3.3.0, permite un envenenamiento de registros, y la resultante Ejecuci\\u00f3n de C\\u00f3digo Remota , por medio de un m\\u00e9todo XMLRPC que se registra en el archivo de registro para la inyecci\\u00f3n de plantillas\"}]",
"id": "CVE-2021-40323",
"lastModified": "2024-11-21T06:23:51.363",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-10-04T06:15:07.187",
"references": "[{\"url\": \"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/cobbler/cobbler/releases/tag/v3.3.0\", \"source\": \"cve@mitre.org\", \"tags\": [\"Product\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/cobbler/cobbler/releases/tag/v3.3.0\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Product\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-40323\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2021-10-04T06:15:07.187\",\"lastModified\":\"2024-11-21T06:23:51.363\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.\"},{\"lang\":\"es\",\"value\":\"Cobbler versiones anteriores a 3.3.0, permite un envenenamiento de registros, y la resultante Ejecuci\u00f3n de C\u00f3digo Remota , por medio de un m\u00e9todo XMLRPC que se registra en el archivo de registro para la inyecci\u00f3n de plantillas\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.3.0\",\"matchCriteriaId\":\"9C8C2AC2-1199-4261-BA13-47515F80F826\"}]}]}],\"references\":[{\"url\":\"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/cobbler/cobbler/releases/tag/v3.3.0\",\"source\":\"cve@mitre.org\",\"tags\":[\"Product\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/cobbler/cobbler/releases/tag/v3.3.0\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Product\",\"Third Party Advisory\"]}]}}"
}
}
Title
Cobbler远程代码执行漏洞
Description
Cobbler是一款网络安装服务器套件,它主要用于快速建立Linux网络安装环境。
Cobbler在3.3.0之前版本存在远程代码执行漏洞,该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未能正确过滤其中的特殊元素,攻击者可利用该漏洞通过特制的XMLRPC方法记录日志文件以进行模板注入,从而导致日志中毒和远程代码执行。
Severity
高
Patch Name
Cobbler远程代码执行漏洞的补丁
Patch Description
Cobbler是一款网络安装服务器套件,它主要用于快速建立Linux网络安装环境。
Cobbler在3.3.0之前版本存在远程代码执行漏洞,该漏洞源于外部输入数据构造代码段的过程中,网络系统或产品未能正确过滤其中的特殊元素,攻击者可利用该漏洞通过特制的XMLRPC方法记录日志文件以进行模板注入,从而导致日志中毒和远程代码执行。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://github.com/cobbler/cobbler/releases
Reference
https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a
Impacted products
| Name | Cobbler Cobbler <3.3.0 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2021-40323",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-40323"
}
},
"description": "Cobbler\u662f\u4e00\u6b3e\u7f51\u7edc\u5b89\u88c5\u670d\u52a1\u5668\u5957\u4ef6\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5feb\u901f\u5efa\u7acbLinux\u7f51\u7edc\u5b89\u88c5\u73af\u5883\u3002\n\nCobbler\u57283.3.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684XMLRPC\u65b9\u6cd5\u8bb0\u5f55\u65e5\u5fd7\u6587\u4ef6\u4ee5\u8fdb\u884c\u6a21\u677f\u6ce8\u5165\uff0c\u4ece\u800c\u5bfc\u81f4\u65e5\u5fd7\u4e2d\u6bd2\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/cobbler/cobbler/releases",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2022-18329",
"openTime": "2022-03-11",
"patchDescription": "Cobbler\u662f\u4e00\u6b3e\u7f51\u7edc\u5b89\u88c5\u670d\u52a1\u5668\u5957\u4ef6\uff0c\u5b83\u4e3b\u8981\u7528\u4e8e\u5feb\u901f\u5efa\u7acbLinux\u7f51\u7edc\u5b89\u88c5\u73af\u5883\u3002\r\n\r\nCobbler\u57283.3.0\u4e4b\u524d\u7248\u672c\u5b58\u5728\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5916\u90e8\u8f93\u5165\u6570\u636e\u6784\u9020\u4ee3\u7801\u6bb5\u7684\u8fc7\u7a0b\u4e2d\uff0c\u7f51\u7edc\u7cfb\u7edf\u6216\u4ea7\u54c1\u672a\u80fd\u6b63\u786e\u8fc7\u6ee4\u5176\u4e2d\u7684\u7279\u6b8a\u5143\u7d20\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u7279\u5236\u7684XMLRPC\u65b9\u6cd5\u8bb0\u5f55\u65e5\u5fd7\u6587\u4ef6\u4ee5\u8fdb\u884c\u6a21\u677f\u6ce8\u5165\uff0c\u4ece\u800c\u5bfc\u81f4\u65e5\u5fd7\u4e2d\u6bd2\u548c\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Cobbler\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Cobbler Cobbler \u003c3.3.0"
},
"referenceLink": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"serverity": "\u9ad8",
"submitTime": "2021-10-08",
"title": "Cobbler\u8fdc\u7a0b\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}
FKIE_CVE-2021-40323
Vulnerability from fkie_nvd - Published: 2021-10-04 06:15 - Updated: 2024-11-21 06:23
Severity
Summary
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a | Patch, Third Party Advisory | |
| cve@mitre.org | https://github.com/cobbler/cobbler/releases/tag/v3.3.0 | Product, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/cobbler/cobbler/releases/tag/v3.3.0 | Product, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| cobbler_project | cobbler | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9C8C2AC2-1199-4261-BA13-47515F80F826",
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
},
{
"lang": "es",
"value": "Cobbler versiones anteriores a 3.3.0, permite un envenenamiento de registros, y la resultante Ejecuci\u00f3n de C\u00f3digo Remota , por medio de un m\u00e9todo XMLRPC que se registra en el archivo de registro para la inyecci\u00f3n de plantillas"
}
],
"id": "CVE-2021-40323",
"lastModified": "2024-11-21T06:23:51.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-10-04T06:15:07.187",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"source": "cve@mitre.org",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CPQF-3C3R-C9G2
Vulnerability from github – Published: 2021-10-05 17:53 – Updated: 2024-09-13 15:11
VLAI
Summary
Cobbler before 3.3.0 allows log poisoning
Details
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Severity
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cobbler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-40323"
],
"database_specific": {
"cwe_ids": [
"CWE-94"
],
"github_reviewed": true,
"github_reviewed_at": "2021-10-05T15:57:32Z",
"nvd_published_at": "2021-10-04T06:15:00Z",
"severity": "HIGH"
},
"details": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"id": "GHSA-cpqf-3c3r-c9g2",
"modified": "2024-09-13T15:11:50Z",
"published": "2021-10-05T17:53:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-40323"
},
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cpqf-3c3r-c9g2"
},
{
"type": "PACKAGE",
"url": "https://github.com/cobbler/cobbler"
},
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/cobbler/PYSEC-2021-373.yaml"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "Cobbler before 3.3.0 allows log poisoning"
}
GSD-2021-40323
Vulnerability from gsd - Updated: 2023-12-13 01:23Details
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2021-40323",
"description": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"id": "GSD-2021-40323",
"references": [
"https://www.suse.com/security/cve/CVE-2021-40323.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-40323"
],
"details": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"id": "GSD-2021-40323",
"modified": "2023-12-13T01:23:25.631815Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40323",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c3.3.0",
"affected_versions": "All versions before 3.3.0",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-78",
"CWE-937",
"CWE-94"
],
"date": "2021-10-13",
"description": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"fixed_versions": [
"3.3.0"
],
"identifier": "CVE-2021-40323",
"identifiers": [
"GHSA-cpqf-3c3r-c9g2",
"CVE-2021-40323"
],
"not_impacted": "All versions starting from 3.3.0",
"package_slug": "pypi/Cobbler",
"pubdate": "2021-10-05",
"solution": "Upgrade to version 3.3.0 or above.",
"title": "Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2021-40323",
"https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"https://github.com/advisories/GHSA-cpqf-3c3r-c9g2"
],
"uuid": "1f25c8dd-5e78-4e46-bb7d-eb6d1ded4a10"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:cobbler_project:cobbler:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.3.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-40323"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"name": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0",
"refsource": "MISC",
"tags": [
"Product",
"Third Party Advisory"
],
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-10-12T20:25Z",
"publishedDate": "2021-10-04T06:15Z"
}
}
}
PYSEC-2021-373
Vulnerability from pysec - Published: 2021-10-04 06:15 - Updated: 2021-10-19 21:47
VLAI
Details
Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.
Impacted products
| Name | purl | cobbler | pkg:pypi/cobbler |
|---|
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "cobbler",
"purl": "pkg:pypi/cobbler"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
}
],
"repo": "https://github.com/cobbler/cobbler",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"0.6.3-2",
"3.1.2",
"3.2.1",
"3.2.2"
]
}
],
"aliases": [
"CVE-2021-40323",
"GHSA-cpqf-3c3r-c9g2"
],
"details": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"id": "PYSEC-2021-373",
"modified": "2021-10-19T21:47:31.690816Z",
"published": "2021-10-04T06:15:00Z",
"references": [
{
"type": "FIX",
"url": "https://github.com/cobbler/cobbler/commit/d8f60bbf14a838c8c8a1dba98086b223e35fe70a"
},
{
"type": "WEB",
"url": "https://github.com/cobbler/cobbler/releases/tag/v3.3.0"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cpqf-3c3r-c9g2"
}
]
}
SUSE-RU-2021:3162-1
Vulnerability from csaf_suse - Published: 2021-09-20 15:24 - Updated: 2021-09-20 15:24Summary
Recommended update for SUSE Manager 4.2.2 Release Notes
Severity
Low
Notes
Title of the patch: Recommended update for SUSE Manager 4.2.2 Release Notes
Description of the patch: This update for SUSE Manager 4.2.2 Release Notes provides the following additions:
Release notes for SUSE Manager:
- Update to 4.2.2
* SUSE Manager is now able to manage Rocky Linux 8 clients
* Tech Preview: Inter-Server Sync V2
* Bugs mentioned
bsc#1171483, bsc#1173143, bsc#1181223, bsc#1186281,
bsc#1186339, bsc#1187335, bsc#1187549, bsc#1188032,
bsc#1188042, bsc#1188136, bsc#1188163, bsc#1188193,
bsc#1188260, bsc#1188393, bsc#1188400, bsc#1188503,
bsc#1188505, bsc#1188551, bsc#1188641, bsc#1188647,
bsc#1188656, bsc#1188853, bsc#1188855, bsc#1189011,
bsc#1189040, bsc#1189167, bsc#1189419, bsc#1189458,
- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)
- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)
- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)
- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded
to cobbler may be rejected.
Release notes for SUSE Manager proxy:
- Update to 4.2.2
* Bugs mentioned
bsc#1181223, bsc#1186026, bsc#1188042, bsc#1189011, bsc#1189263
Patchnames: SUSE-2021-3162,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2021-3162,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2021-3162,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2021-3162
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
References
41 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Recommended update for SUSE Manager 4.2.2 Release Notes",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for SUSE Manager 4.2.2 Release Notes provides the following additions:\n\nRelease notes for SUSE Manager:\n\n- Update to 4.2.2\n * SUSE Manager is now able to manage Rocky Linux 8 clients\n * Tech Preview: Inter-Server Sync V2\n * Bugs mentioned\n bsc#1171483, bsc#1173143, bsc#1181223, bsc#1186281,\n bsc#1186339, bsc#1187335, bsc#1187549, bsc#1188032,\n bsc#1188042, bsc#1188136, bsc#1188163, bsc#1188193,\n bsc#1188260, bsc#1188393, bsc#1188400, bsc#1188503,\n bsc#1188505, bsc#1188551, bsc#1188641, bsc#1188647,\n bsc#1188656, bsc#1188853, bsc#1188855, bsc#1189011,\n bsc#1189040, bsc#1189167, bsc#1189419, bsc#1189458,\n - CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)\n - CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)\n - CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)\n - Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded \n to cobbler may be rejected.\n\nRelease notes for SUSE Manager proxy:\n\n- Update to 4.2.2\n * Bugs mentioned\n bsc#1181223, bsc#1186026, bsc#1188042, bsc#1189011, bsc#1189263\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3162,SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2021-3162,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2021-3162,SUSE-SLE-Product-SUSE-Manager-Server-4.2-2021-3162",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-ru-2021_3162-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-RU-2021:3162-1",
"url": "https://www.suse.com/support/update/announcement//suse-ru-20213162-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-RU-2021:3162-1",
"url": "https://lists.suse.com/pipermail/sle-updates/2021-September/020230.html"
},
{
"category": "self",
"summary": "SUSE Bug 1171483",
"url": "https://bugzilla.suse.com/1171483"
},
{
"category": "self",
"summary": "SUSE Bug 1173143",
"url": "https://bugzilla.suse.com/1173143"
},
{
"category": "self",
"summary": "SUSE Bug 1181223",
"url": "https://bugzilla.suse.com/1181223"
},
{
"category": "self",
"summary": "SUSE Bug 1186026",
"url": "https://bugzilla.suse.com/1186026"
},
{
"category": "self",
"summary": "SUSE Bug 1186281",
"url": "https://bugzilla.suse.com/1186281"
},
{
"category": "self",
"summary": "SUSE Bug 1186339",
"url": "https://bugzilla.suse.com/1186339"
},
{
"category": "self",
"summary": "SUSE Bug 1187335",
"url": "https://bugzilla.suse.com/1187335"
},
{
"category": "self",
"summary": "SUSE Bug 1187549",
"url": "https://bugzilla.suse.com/1187549"
},
{
"category": "self",
"summary": "SUSE Bug 1188032",
"url": "https://bugzilla.suse.com/1188032"
},
{
"category": "self",
"summary": "SUSE Bug 1188042",
"url": "https://bugzilla.suse.com/1188042"
},
{
"category": "self",
"summary": "SUSE Bug 1188136",
"url": "https://bugzilla.suse.com/1188136"
},
{
"category": "self",
"summary": "SUSE Bug 1188163",
"url": "https://bugzilla.suse.com/1188163"
},
{
"category": "self",
"summary": "SUSE Bug 1188193",
"url": "https://bugzilla.suse.com/1188193"
},
{
"category": "self",
"summary": "SUSE Bug 1188260",
"url": "https://bugzilla.suse.com/1188260"
},
{
"category": "self",
"summary": "SUSE Bug 1188393",
"url": "https://bugzilla.suse.com/1188393"
},
{
"category": "self",
"summary": "SUSE Bug 1188400",
"url": "https://bugzilla.suse.com/1188400"
},
{
"category": "self",
"summary": "SUSE Bug 1188503",
"url": "https://bugzilla.suse.com/1188503"
},
{
"category": "self",
"summary": "SUSE Bug 1188505",
"url": "https://bugzilla.suse.com/1188505"
},
{
"category": "self",
"summary": "SUSE Bug 1188551",
"url": "https://bugzilla.suse.com/1188551"
},
{
"category": "self",
"summary": "SUSE Bug 1188641",
"url": "https://bugzilla.suse.com/1188641"
},
{
"category": "self",
"summary": "SUSE Bug 1188647",
"url": "https://bugzilla.suse.com/1188647"
},
{
"category": "self",
"summary": "SUSE Bug 1188656",
"url": "https://bugzilla.suse.com/1188656"
},
{
"category": "self",
"summary": "SUSE Bug 1188853",
"url": "https://bugzilla.suse.com/1188853"
},
{
"category": "self",
"summary": "SUSE Bug 1188855",
"url": "https://bugzilla.suse.com/1188855"
},
{
"category": "self",
"summary": "SUSE Bug 1189011",
"url": "https://bugzilla.suse.com/1189011"
},
{
"category": "self",
"summary": "SUSE Bug 1189040",
"url": "https://bugzilla.suse.com/1189040"
},
{
"category": "self",
"summary": "SUSE Bug 1189167",
"url": "https://bugzilla.suse.com/1189167"
},
{
"category": "self",
"summary": "SUSE Bug 1189263",
"url": "https://bugzilla.suse.com/1189263"
},
{
"category": "self",
"summary": "SUSE Bug 1189419",
"url": "https://bugzilla.suse.com/1189419"
},
{
"category": "self",
"summary": "SUSE Bug 1189458",
"url": "https://bugzilla.suse.com/1189458"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40323 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40324 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40325 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40325/"
}
],
"title": "Recommended update for SUSE Manager 4.2.2 Release Notes",
"tracking": {
"current_release_date": "2021-09-20T15:24:13Z",
"generator": {
"date": "2021-09-20T15:24:13Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-RU-2021:3162-1",
"initial_release_date": "2021-09-20T15:24:13Z",
"revision_history": [
{
"date": "2021-09-20T15:24:13Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.2-3.12.1.aarch64",
"product": {
"name": "release-notes-susemanager-4.2.2-3.12.1.aarch64",
"product_id": "release-notes-susemanager-4.2.2-3.12.1.aarch64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.aarch64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.aarch64",
"product_id": "release-notes-susemanager-proxy-4.2.2-3.12.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.2-3.12.1.i586",
"product": {
"name": "release-notes-susemanager-4.2.2-3.12.1.i586",
"product_id": "release-notes-susemanager-4.2.2-3.12.1.i586"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.i586",
"product": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.i586",
"product_id": "release-notes-susemanager-proxy-4.2.2-3.12.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"product": {
"name": "release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"product_id": "release-notes-susemanager-4.2.2-3.12.1.ppc64le"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.ppc64le",
"product": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.ppc64le",
"product_id": "release-notes-susemanager-proxy-4.2.2-3.12.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.2-3.12.1.s390x",
"product": {
"name": "release-notes-susemanager-4.2.2-3.12.1.s390x",
"product_id": "release-notes-susemanager-4.2.2-3.12.1.s390x"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.s390x",
"product": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.s390x",
"product_id": "release-notes-susemanager-proxy-4.2.2-3.12.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "release-notes-susemanager-4.2.2-3.12.1.x86_64",
"product": {
"name": "release-notes-susemanager-4.2.2-3.12.1.x86_64",
"product_id": "release-notes-susemanager-4.2.2-3.12.1.x86_64"
}
},
{
"category": "product_version",
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"product": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"product_id": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Proxy 4.2",
"product": {
"name": "SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Retail Branch Server 4.2",
"product": {
"name": "SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-retail-branch-server:4.2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 4.2",
"product": {
"name": "SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:4.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 as component of SUSE Manager Proxy 4.2",
"product_id": "SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64 as component of SUSE Manager Retail Branch Server 4.2",
"product_id": "SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64"
},
"product_reference": "release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Retail Branch Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.2-3.12.1.ppc64le as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le"
},
"product_reference": "release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.2-3.12.1.s390x as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x"
},
"product_reference": "release-notes-susemanager-4.2.2-3.12.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "release-notes-susemanager-4.2.2-3.12.1.x86_64 as component of SUSE Manager Server 4.2",
"product_id": "SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
},
"product_reference": "release-notes-susemanager-4.2.2-3.12.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-40323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40323"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40323",
"url": "https://www.suse.com/security/cve/CVE-2021-40323"
},
{
"category": "external",
"summary": "SUSE Bug 1189458 for CVE-2021-40323",
"url": "https://bugzilla.suse.com/1189458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:24:13Z",
"details": "critical"
}
],
"title": "CVE-2021-40323"
},
{
"cve": "CVE-2021-40324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40324",
"url": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:24:13Z",
"details": "critical"
}
],
"title": "CVE-2021-40324"
},
{
"cve": "CVE-2021-40325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows authorization bypass for modification of settings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40325",
"url": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Proxy 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Retail Branch Server 4.2:release-notes-susemanager-proxy-4.2.2-3.12.1.x86_64",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.ppc64le",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.s390x",
"SUSE Manager Server 4.2:release-notes-susemanager-4.2.2-3.12.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:24:13Z",
"details": "critical"
}
],
"title": "CVE-2021-40325"
}
]
}
SUSE-SU-2021:3151-1
Vulnerability from csaf_suse - Published: 2021-09-20 15:21 - Updated: 2021-09-20 15:21Summary
Security update for cobbler
Severity
Critical
Notes
Title of the patch: Security update for cobbler
Description of the patch: This update for cobbler fixes the following issues:
Security issues fixed:
- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)
- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)
- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)
- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to
cobbler may be rejected
Patchnames: SUSE-2021-3151,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3151
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for cobbler",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for cobbler fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)\n- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)\n- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)\n\n- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to \n cobbler may be rejected\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3151,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2021-3151",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3151-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3151-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213151-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3151-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009468.html"
},
{
"category": "self",
"summary": "SUSE Bug 1189458",
"url": "https://bugzilla.suse.com/1189458"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40323 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40324 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40325 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40325/"
}
],
"title": "Security update for cobbler",
"tracking": {
"current_release_date": "2021-09-20T15:21:44Z",
"generator": {
"date": "2021-09-20T15:21:44Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3151-1",
"initial_release_date": "2021-09-20T15:21:44Z",
"revision_history": [
{
"date": "2021-09-20T15:21:44Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product": {
"name": "cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product_id": "cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product": {
"name": "cobbler-tests-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product_id": "cobbler-tests-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-web-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product": {
"name": "cobbler-web-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"product_id": "cobbler-web-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
},
"product_reference": "cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-40323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40323"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40323",
"url": "https://www.suse.com/security/cve/CVE-2021-40323"
},
{
"category": "external",
"summary": "SUSE Bug 1189458 for CVE-2021-40323",
"url": "https://bugzilla.suse.com/1189458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:21:44Z",
"details": "critical"
}
],
"title": "CVE-2021-40323"
},
{
"cve": "CVE-2021-40324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40324",
"url": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:21:44Z",
"details": "critical"
}
],
"title": "CVE-2021-40324"
},
{
"cve": "CVE-2021-40325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows authorization bypass for modification of settings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40325",
"url": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:cobbler-3.0.0+git20190806.32c4bae0-8.22.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:21:44Z",
"details": "critical"
}
],
"title": "CVE-2021-40325"
}
]
}
SUSE-SU-2021:3170-1
Vulnerability from csaf_suse - Published: 2021-09-20 15:26 - Updated: 2021-09-20 15:26Summary
Security update for SUSE Manager Server 4.2
Severity
Critical
Notes
Title of the patch: Security update for SUSE Manager Server 4.2
Description of the patch: This update fixes the following issues:
branch-network-formula:
- Use kernel parameters from PXE formula also for local boot
cobbler - security issues fixed:
- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)
- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)
- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)
- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to
cobbler may be rejected:
cpu-mitigations-formula:
- Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions
openvpn-formula:
- Changed package to noarch.
prometheus-exporters-formula:
- Fix formula data migration with missing exporter configuration (bsc#1188136)
py26-compat-salt:
- Fix error handling in openscap module (bsc#1188647)
- Define license macro as doc in spec file if not existing
py27-compat-salt:
- Add missing aarch64 to rpm package architectures
- Consolidate some state requisites (bsc#1188641)
- Fix failing unit test for systemd
- Fix error handling in openscap module (bsc#1188647)
- Better handling of bad public keys from minions (bsc#1189040)
- Define license macro as doc in spec file if not existing
saltboot-formula:
- Use kernel parameters from PXE formula also for local boot
spacecmd:
- Update translation strings
- Make schedule_deletearchived to get all actions without display limit
- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)
- Use correct API endpoint in list_proxies (bsc#1188042)
- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)
spacewalk-backend:
- Update translation strings
- Fix typo 'verfication' instead of 'verification'
spacewalk-certs-tools:
- Prepare the bootstrap script generator for Rocky Linux 8
spacewalk-client-tools:
- Update translation strings
spacewalk-java:
- Show AppStreams tab just for modular channels
- Fix Json null comparison in virtual network info parsing (bsc#1189167)
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Do not log XMLRPC fault exceptions as errors (bsc#1188853)
- XMLRPC: Add call for listing application monitoring endpoints
- AppStreams tab for modular channels
- Link to CLM filter creation from system details page
- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)
- Fix NPE when no redhat info could be fetched
- Java enablement for Rocky Linux 8
- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)
- Properly handle virtual networks without defined bridge (bsc#1189167)
- Mark SSH minion actions when they're picked up (bsc#1188505)
- Add UEFI support for VM creation / editing
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Warning in Overview page for SLE Micro system (bsc#1188551)
- Add support for Kiwi options
- Ensure XMLRPC returns 'issue_date' in ISO format when listing erratas (bsc#1188260)
- Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory
- Fix entitlements not being updated during system transfer (bsc#1188032)
- Simplify the VM creation action in DB
- Get CPU data for AArch64
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)
- Fix updating primary net interface on hardware refresh (bsc#1188400)
- Fix issues when removing archived actions using XMLRPC api (bsc#1181223)
- Readable error when 'mgr-sync add channel' is called with a no-existing label (bsc#1173143)
spacewalk-setup:
- Enable logging for salt SSH
- Increase max size for uploaded files to Salt master
spacewalk-utils:
- Add Rocky Linux 8 repositories
spacewalk-web:
- Don't capitalize acronyms
- Update translation strings
- 'AppStreams with defaults' filter template in CLM
- Add a link to OS image store dir in image list page
- Link to CLM filter creation from system details page
- Expose UEFI parameters in the VM creation/editing pages
- Add virt-tuner templates to VM creation
- Fix cleanup always being executed on delete system (bsc#1189011)
- Add support for Kiwi options
- Fix virtualization guests to handle null HostInfo
- Compare lowercase CPU arch with libvirt domain capabilities
- Refresh JWT virtual console token before it expires
- Handle virtual machines running on pacemaker cluster
susemanager:
- Abort migration if data_directory is defined at the PostgreSQL
configuration file
- Update translation strings
- Add bootstrap repository definitions for Rocky Linux 8
susemanager-build-keys:
- Add Debian 11
- Add Rocky Linux 8
susemanager-doc-indexes:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of 'Service Pack Migration' to 'Product Migration'
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and
Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration
chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with
Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other
clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch
Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a 'SUSE Manager Lifecycle
Management+' subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail
Branch Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle
clients
susemanager-docs_en:
- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list
- Add information about pam service name limitations
- Add SUSE Linux Enterprise Micro to supported features table
- Add SUSE Linux Enterprise Micro client to support matrix page
- Replaced remaining occurrences of 'Service Pack Migration' to 'Product Migration'
- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide
- Added missing Rocky instructions to the Client Configuration Guide
- Updated setup section in the Installation Guide about troubleshooting freely available products
- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide
- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and
Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)
- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)
- Additional information added for Inter Server Sync v2 on limitations and configuration
- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration
chapter of the Administration Guide (bsc#1189419)
- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with
Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)
- Corrected the package name for PAM authentication (bsc#1171483)
- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other
clients in alphabetical order for better user experience
- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch
Server
- Added a warning on Ansible hardware requirements to the Retail Guide
- Improved warning on over-writing images in public cloud in the Client Configuration Guide
- Reference Guide: removed underscores in page titles and nav bar links.
- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)
- Documented KIWI options and profile selection in Administration Guide
- Added note about autoinstallation kernel options and Azure clients
- Added general information about SUSE Manager registration code that you can obtain from a 'SUSE Manager Lifecycle
Management+' subscription
- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section
- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch
Server
- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)
- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide
- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle
clients
susemanager-schema:
- Add Rocky Linux 8 key and vendor
- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)
- Force a one-off VACUUM ANALYZE
- Add Kiwi commandline options to Kiwi profile
- Upgrade scripts idempotency fixes
- Simplify the VM creation action in DB
- Handle virtual machines running on pacemaker cluster
- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)
- Add Beijing timezone to selectable timezones (bsc#1188193)
susemanager-sls:
- Add Rocky Linux 8 support
- Enable logrotate configuration for Salt SSH minion logs
- Add UEFI support for VM creation
- Add virt-tuner templates to VM creation
- Handle more ocsf2 setups in virt_utils module
- Add missing symlinks to generate the 'certs' state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)
- Add findutils to Kiwi bootstrap packages
- Remove systemid file on salt client cleanup
- Add support for Kiwi options
- Skip 'update-ca-certificates' run if the certs are updated automatically
- Use lscpu to provide more CPU grains for all architectures
- Fix deleting stopped virtual network (bsc#1186281)
- Handle virtual machines running on pacemaker cluster
susemanager-sync-data:
- Support Rocky Linux 8 x86_64
- Add channel family for MicroOS Z
- Set OES 2018 SP3 to released
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
`spacewalk-service stop`
3. Apply the patch using either zypper patch or YaST Online Update.
4. Start the Spacewalk service:
`spacewalk-service start`
Patchnames: SUSE-2021-3170,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3170
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
9.1 (Critical)
Affected products
Recommended
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
8.1 (High)
Affected products
Recommended
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
7.5 (High)
Affected products
Recommended
59 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch | — |
Vendor Fix
|
Threats
Impact
critical
References
39 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "critical"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.2",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nbranch-network-formula:\n\n- Use kernel parameters from PXE formula also for local boot\n\ncobbler - security issues fixed:\n\n- CVE-2021-40323: Fixed an arbitrary file disclosure/Template Injection (bsc#1189458)\n- CVE-2021-40324: Fixed an arbitrary file write (bsc#1189458)\n- CVE-2021-40325: Fixed a problem with the token validation (bsc#1189458)\n- Please note that with these changes, a valid log data from Anamon (Red Hat Autoinstallation Process) uploaded to \n cobbler may be rejected:\n\ncpu-mitigations-formula:\n\n- Add SLES 15 SP3 and openSUSE Leap 15.3 to supported versions\n\nopenvpn-formula:\n\n- Changed package to noarch.\n\nprometheus-exporters-formula:\n\n- Fix formula data migration with missing exporter configuration (bsc#1188136)\n\npy26-compat-salt:\n\n- Fix error handling in openscap module (bsc#1188647)\n- Define license macro as doc in spec file if not existing \n\npy27-compat-salt:\n\n- Add missing aarch64 to rpm package architectures\n- Consolidate some state requisites (bsc#1188641)\n- Fix failing unit test for systemd\n- Fix error handling in openscap module (bsc#1188647)\n- Better handling of bad public keys from minions (bsc#1189040)\n- Define license macro as doc in spec file if not existing\n\nsaltboot-formula:\n\n- Use kernel parameters from PXE formula also for local boot\n\nspacecmd:\n\n- Update translation strings\n- Make schedule_deletearchived to get all actions without display limit\n- Allow passing a date limit for schedule_deletearchived on spacecmd (bsc#1181223)\n- Use correct API endpoint in list_proxies (bsc#1188042)\n- Add schedule_deletearchived to bulk delete archived actions (bsc#1181223)\n\nspacewalk-backend:\n\n- Update translation strings\n- Fix typo \u0027verfication\u0027 instead of \u0027verification\u0027\n\nspacewalk-certs-tools:\n\n- Prepare the bootstrap script generator for Rocky Linux 8\n\nspacewalk-client-tools:\n\n- Update translation strings\n\nspacewalk-java:\n\n- Show AppStreams tab just for modular channels\n- Fix Json null comparison in virtual network info parsing (bsc#1189167)\n- Update translation strings\n- \u0027AppStreams with defaults\u0027 filter template in CLM\n- Add a link to OS image store dir in image list page\n- Do not log XMLRPC fault exceptions as errors (bsc#1188853)\n- XMLRPC: Add call for listing application monitoring endpoints\n- AppStreams tab for modular channels\n- Link to CLM filter creation from system details page\n- Allow getting all archived actions via XMLRPC without display limit (bsc#1181223)\n- Fix NPE when no redhat info could be fetched\n- Java enablement for Rocky Linux 8\n- Delete ActionChains when the last action is a Reboot and it completes (bsc#1188163)\n- Properly handle virtual networks without defined bridge (bsc#1189167)\n- Mark SSH minion actions when they\u0027re picked up (bsc#1188505)\n- Add UEFI support for VM creation / editing\n- Add virt-tuner templates to VM creation\n- Fix cleanup always being executed on delete system (bsc#1189011)\n- Warning in Overview page for SLE Micro system (bsc#1188551)\n- Add support for Kiwi options\n- Ensure XMLRPC returns \u0027issue_date\u0027 in ISO format when listing erratas (bsc#1188260)\n- Fix NullPointerException in HardwareMapper.getUpdatedGuestMemory\n- Fix entitlements not being updated during system transfer (bsc#1188032)\n- Simplify the VM creation action in DB\n- Get CPU data for AArch64\n- Handle virtual machines running on pacemaker cluster\n- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)\n- Add Beijing timezone to selectable timezones (bsc#1188193)\n- Fix updating primary net interface on hardware refresh (bsc#1188400)\n- Fix issues when removing archived actions using XMLRPC api (bsc#1181223)\n- Readable error when \u0027mgr-sync add channel\u0027 is called with a no-existing label (bsc#1173143)\n\nspacewalk-setup:\n\n- Enable logging for salt SSH\n- Increase max size for uploaded files to Salt master\n\nspacewalk-utils:\n\n- Add Rocky Linux 8 repositories\n\nspacewalk-web:\n\n- Don\u0027t capitalize acronyms\n- Update translation strings\n- \u0027AppStreams with defaults\u0027 filter template in CLM\n- Add a link to OS image store dir in image list page\n- Link to CLM filter creation from system details page\n- Expose UEFI parameters in the VM creation/editing pages\n- Add virt-tuner templates to VM creation\n- Fix cleanup always being executed on delete system (bsc#1189011)\n- Add support for Kiwi options\n- Fix virtualization guests to handle null HostInfo\n- Compare lowercase CPU arch with libvirt domain capabilities\n- Refresh JWT virtual console token before it expires\n- Handle virtual machines running on pacemaker cluster\n\nsusemanager:\n\n- Abort migration if data_directory is defined at the PostgreSQL\n configuration file\n- Update translation strings\n- Add bootstrap repository definitions for Rocky Linux 8\n\nsusemanager-build-keys:\n\n- Add Debian 11\n- Add Rocky Linux 8\n\nsusemanager-doc-indexes:\n\n- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list\n- Add information about pam service name limitations\n- Add SUSE Linux Enterprise Micro to supported features table\n- Add SUSE Linux Enterprise Micro client to support matrix page\n- Replaced remaining occurrences of \u0027Service Pack Migration\u0027 to \u0027Product Migration\u0027\n- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide\n- Added missing Rocky instructions to the Client Configuration Guide\n- Updated setup section in the Installation Guide about troubleshooting freely available products\n- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide\n- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and \n Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)\n- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)\n- Additional information added for Inter Server Sync v2 on limitations and configuration\n- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration \n chapter of the Administration Guide (bsc#1189419)\n- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with \n Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)\n- Corrected the package name for PAM authentication (bsc#1171483)\n- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other \n clients in alphabetical order for better user experience\n- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch \n Server\n- Added a warning on Ansible hardware requirements to the Retail Guide\n- Improved warning on over-writing images in public cloud in the Client Configuration Guide\n- Reference Guide: removed underscores in page titles and nav bar links.\n- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)\n- Documented KIWI options and profile selection in Administration Guide\n- Added note about autoinstallation kernel options and Azure clients\n- Added general information about SUSE Manager registration code that you can obtain from a \u0027SUSE Manager Lifecycle \n Management+\u0027 subscription\n- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section\n- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail \n Branch Server\n- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)\n- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide\n- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle \n clients\n\nsusemanager-docs_en:\n\n- Added SUSE Linux Enterprise 15 Service Pack 3 to clients list\n- Add information about pam service name limitations\n- Add SUSE Linux Enterprise Micro to supported features table\n- Add SUSE Linux Enterprise Micro client to support matrix page\n- Replaced remaining occurrences of \u0027Service Pack Migration\u0027 to \u0027Product Migration\u0027\n- Reworded the Advanced virtual guest management description for clarity in Client Configuration Guide\n- Added missing Rocky instructions to the Client Configuration Guide\n- Updated setup section in the Installation Guide about troubleshooting freely available products\n- Added channel synchronization warning in the product migration chapter of the Client Configuration Guide\n- Removed Red Hat Enterprise Linux 6, SUSE Linux Enterprise Server Expanded Support 6, Oracle Linux 6, CentOS 6, and \n Ubuntu 16.04 LTS as supported client systems in the Client Configuration Guide (bsc#1188656)\n- In the Prometheus chapter of the Administration Guide advise to store data locally (bsc#1188855)\n- Additional information added for Inter Server Sync v2 on limitations and configuration\n- Documented required SUSE Linux Enterprise Server version for the Ansible control node in the Ansible Integration \n chapter of the Administration Guide (bsc#1189419)\n- Added information about installing Python 3.6 on CentOS, Oracle Linux, Almalinux, SUSE Linux Enterprise Server with \n Expanded Support, and Red Hat in the Client Configuration Guide (bsc#1187335)\n- Corrected the package name for PAM authentication (bsc#1171483)\n- Client Configuration Guide: reorganized navigation bar to list SUSE Linux Enterprise Server, openSUSE and other \n clients in alphabetical order for better user experience\n- In the Ansible chapter of the Administration Guide mention that Ansible is available on Proxy and Retail Branch \n Server\n- Added a warning on Ansible hardware requirements to the Retail Guide\n- Improved warning on over-writing images in public cloud in the Client Configuration Guide\n- Reference Guide: removed underscores in page titles and nav bar links.\n- Provide more information about Salt SSH user configuration in the Salt Guide (bsc#1187549)\n- Documented KIWI options and profile selection in Administration Guide\n- Added note about autoinstallation kernel options and Azure clients\n- Added general information about SUSE Manager registration code that you can obtain from a \u0027SUSE Manager Lifecycle \n Management+\u0027 subscription\n- Document new Salt SSH logs at the Client Configuration Guide, Troubleshooting section\n- In the monitoring chapter of the Administration Guide mention that Prometheus is available on Proxy and Retail Branch\n Server\n- Added warning on Prometheus hardware requirements in the Retail Guide (bsc#1186339)\n- Documented spacecmd installation on Ubuntu 18.04 and 20.04 in Client Configuration Guide\n- Amended Client Configuration Guide to exclude paragraphs that are Uyuni specific for CentOS, AlmaLinux and Oracle \n clients\n\nsusemanager-schema:\n\n- Add Rocky Linux 8 key and vendor\n- Fix wrongly assigned entitlements due to system transfer (bsc#1188032)\n- Force a one-off VACUUM ANALYZE\n- Add Kiwi commandline options to Kiwi profile\n- Upgrade scripts idempotency fixes\n- Simplify the VM creation action in DB\n- Handle virtual machines running on pacemaker cluster\n- Refresh virtual host pillar to clear the virtpoller beacon (bsc#1188393)\n- Add Beijing timezone to selectable timezones (bsc#1188193)\n\nsusemanager-sls:\n\n- Add Rocky Linux 8 support\n- Enable logrotate configuration for Salt SSH minion logs\n- Add UEFI support for VM creation\n- Add virt-tuner templates to VM creation\n- Handle more ocsf2 setups in virt_utils module\n- Add missing symlinks to generate the \u0027certs\u0027 state for SLE Micro 5.0 and openSUSE MicroOS minions (bsc#1188503)\n- Add findutils to Kiwi bootstrap packages\n- Remove systemid file on salt client cleanup\n- Add support for Kiwi options\n- Skip \u0027update-ca-certificates\u0027 run if the certs are updated automatically\n- Use lscpu to provide more CPU grains for all architectures\n- Fix deleting stopped virtual network (bsc#1186281)\n- Handle virtual machines running on pacemaker cluster\n\nsusemanager-sync-data:\n\n- Support Rocky Linux 8 x86_64\n- Add channel family for MicroOS Z\n- Set OES 2018 SP3 to released\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\n`spacewalk-service stop`\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Start the Spacewalk service:\n`spacewalk-service start`\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-3170,SUSE-SLE-Module-SUSE-Manager-Server-4.2-2021-3170",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3170-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:3170-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20213170-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:3170-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-September/009469.html"
},
{
"category": "self",
"summary": "SUSE Bug 1171483",
"url": "https://bugzilla.suse.com/1171483"
},
{
"category": "self",
"summary": "SUSE Bug 1173143",
"url": "https://bugzilla.suse.com/1173143"
},
{
"category": "self",
"summary": "SUSE Bug 1181223",
"url": "https://bugzilla.suse.com/1181223"
},
{
"category": "self",
"summary": "SUSE Bug 1186281",
"url": "https://bugzilla.suse.com/1186281"
},
{
"category": "self",
"summary": "SUSE Bug 1186339",
"url": "https://bugzilla.suse.com/1186339"
},
{
"category": "self",
"summary": "SUSE Bug 1187335",
"url": "https://bugzilla.suse.com/1187335"
},
{
"category": "self",
"summary": "SUSE Bug 1187549",
"url": "https://bugzilla.suse.com/1187549"
},
{
"category": "self",
"summary": "SUSE Bug 1188032",
"url": "https://bugzilla.suse.com/1188032"
},
{
"category": "self",
"summary": "SUSE Bug 1188042",
"url": "https://bugzilla.suse.com/1188042"
},
{
"category": "self",
"summary": "SUSE Bug 1188136",
"url": "https://bugzilla.suse.com/1188136"
},
{
"category": "self",
"summary": "SUSE Bug 1188163",
"url": "https://bugzilla.suse.com/1188163"
},
{
"category": "self",
"summary": "SUSE Bug 1188193",
"url": "https://bugzilla.suse.com/1188193"
},
{
"category": "self",
"summary": "SUSE Bug 1188260",
"url": "https://bugzilla.suse.com/1188260"
},
{
"category": "self",
"summary": "SUSE Bug 1188393",
"url": "https://bugzilla.suse.com/1188393"
},
{
"category": "self",
"summary": "SUSE Bug 1188400",
"url": "https://bugzilla.suse.com/1188400"
},
{
"category": "self",
"summary": "SUSE Bug 1188503",
"url": "https://bugzilla.suse.com/1188503"
},
{
"category": "self",
"summary": "SUSE Bug 1188505",
"url": "https://bugzilla.suse.com/1188505"
},
{
"category": "self",
"summary": "SUSE Bug 1188551",
"url": "https://bugzilla.suse.com/1188551"
},
{
"category": "self",
"summary": "SUSE Bug 1188641",
"url": "https://bugzilla.suse.com/1188641"
},
{
"category": "self",
"summary": "SUSE Bug 1188647",
"url": "https://bugzilla.suse.com/1188647"
},
{
"category": "self",
"summary": "SUSE Bug 1188656",
"url": "https://bugzilla.suse.com/1188656"
},
{
"category": "self",
"summary": "SUSE Bug 1188853",
"url": "https://bugzilla.suse.com/1188853"
},
{
"category": "self",
"summary": "SUSE Bug 1188855",
"url": "https://bugzilla.suse.com/1188855"
},
{
"category": "self",
"summary": "SUSE Bug 1189011",
"url": "https://bugzilla.suse.com/1189011"
},
{
"category": "self",
"summary": "SUSE Bug 1189040",
"url": "https://bugzilla.suse.com/1189040"
},
{
"category": "self",
"summary": "SUSE Bug 1189167",
"url": "https://bugzilla.suse.com/1189167"
},
{
"category": "self",
"summary": "SUSE Bug 1189419",
"url": "https://bugzilla.suse.com/1189419"
},
{
"category": "self",
"summary": "SUSE Bug 1189458",
"url": "https://bugzilla.suse.com/1189458"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40323 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40323/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40324 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40324/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-40325 page",
"url": "https://www.suse.com/security/cve/CVE-2021-40325/"
}
],
"title": "Security update for SUSE Manager Server 4.2",
"tracking": {
"current_release_date": "2021-09-20T15:26:33Z",
"generator": {
"date": "2021-09-20T15:26:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:3170-1",
"initial_release_date": "2021-09-20T15:26:33Z",
"revision_history": [
{
"date": "2021-09-20T15:26:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.0.5-8.3.2.aarch64",
"product": {
"name": "inter-server-sync-0.0.5-8.3.2.aarch64",
"product_id": "inter-server-sync-0.0.5-8.3.2.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.22-3.6.1.aarch64",
"product": {
"name": "susemanager-4.2.22-3.6.1.aarch64",
"product_id": "susemanager-4.2.22-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.aarch64",
"product": {
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.aarch64",
"product_id": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.22-3.6.1.aarch64",
"product": {
"name": "susemanager-tools-4.2.22-3.6.1.aarch64",
"product_id": "susemanager-tools-4.2.22-3.6.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"product": {
"name": "branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"product_id": "branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-3.1.2-5.8.1.noarch",
"product": {
"name": "cobbler-3.1.2-5.8.1.noarch",
"product_id": "cobbler-3.1.2-5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-tests-3.1.2-5.8.1.noarch",
"product": {
"name": "cobbler-tests-3.1.2-5.8.1.noarch",
"product_id": "cobbler-tests-3.1.2-5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "cobbler-web-3.1.2-5.8.1.noarch",
"product": {
"name": "cobbler-web-3.1.2-5.8.1.noarch",
"product_id": "cobbler-web-3.1.2-5.8.1.noarch"
}
},
{
"category": "product_version",
"name": "cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"product": {
"name": "cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"product_id": "cpu-mitigations-formula-0.4.0-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "mgr-daemon-4.2.8-2.3.2.noarch",
"product": {
"name": "mgr-daemon-4.2.8-2.3.2.noarch",
"product_id": "mgr-daemon-4.2.8-2.3.2.noarch"
}
},
{
"category": "product_version",
"name": "openvpn-formula-0.1.2-3.3.1.noarch",
"product": {
"name": "openvpn-formula-0.1.2-3.3.1.noarch",
"product_id": "openvpn-formula-0.1.2-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"product": {
"name": "prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"product_id": "prometheus-exporters-formula-1.0.3-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"product": {
"name": "py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"product_id": "py26-compat-salt-2016.11.10-11.28.6.1.noarch"
}
},
{
"category": "product_version",
"name": "py27-compat-salt-3000.3-7.7.8.1.noarch",
"product": {
"name": "py27-compat-salt-3000.3-7.7.8.1.noarch",
"product_id": "py27-compat-salt-3000.3-7.7.8.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product": {
"name": "python2-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product_id": "python2-spacewalk-certs-tools-4.2.12-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-check-4.2.13-4.6.3.noarch",
"product": {
"name": "python2-spacewalk-check-4.2.13-4.6.3.noarch",
"product_id": "python2-spacewalk-check-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product": {
"name": "python2-spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product_id": "python2-spacewalk-client-setup-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product": {
"name": "python2-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product_id": "python2-spacewalk-client-tools-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product_id": "python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-check-4.2.13-4.6.3.noarch",
"product": {
"name": "python3-spacewalk-check-4.2.13-4.6.3.noarch",
"product_id": "python3-spacewalk-check-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product": {
"name": "python3-spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product_id": "python3-spacewalk-client-setup-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product": {
"name": "python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product_id": "python3-spacewalk-client-tools-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"product": {
"name": "saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"product_id": "saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.2.12-4.6.2.noarch",
"product": {
"name": "spacecmd-4.2.12-4.6.2.noarch",
"product_id": "spacecmd-4.2.12-4.6.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-app-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-app-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-applet-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-cdn-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-config-files-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-iss-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-iss-export-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-server-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-server-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-sql-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-tools-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-base-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-base-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-base-minimal-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-base-minimal-config-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product": {
"name": "spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"product_id": "spacewalk-certs-tools-4.2.12-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.2.13-4.6.3.noarch",
"product": {
"name": "spacewalk-check-4.2.13-4.6.3.noarch",
"product_id": "spacewalk-check-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product": {
"name": "spacewalk-client-setup-4.2.13-4.6.3.noarch",
"product_id": "spacewalk-client-setup-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product": {
"name": "spacewalk-client-tools-4.2.13-4.6.3.noarch",
"product_id": "spacewalk-client-tools-4.2.13-4.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-dobby-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-dobby-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-html-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-html-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-debug-4.2.21-3.6.3.noarch",
"product": {
"name": "spacewalk-html-debug-4.2.21-3.6.3.noarch",
"product_id": "spacewalk-html-debug-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-java-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-java-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-java-config-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-java-config-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-java-lib-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-java-lib-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-java-postgresql-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-proxy-installer-4.2.6-3.6.2.noarch",
"product": {
"name": "spacewalk-proxy-installer-4.2.6-3.6.2.noarch",
"product_id": "spacewalk-proxy-installer-4.2.6-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-4.2.8-3.6.1.noarch",
"product": {
"name": "spacewalk-setup-4.2.8-3.6.1.noarch",
"product_id": "spacewalk-setup-4.2.8-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"product": {
"name": "spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"product_id": "spacewalk-taskomatic-4.2.28-3.11.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-4.2.13-3.6.1.noarch",
"product": {
"name": "spacewalk-utils-4.2.13-3.6.1.noarch",
"product_id": "spacewalk-utils-4.2.13-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"product": {
"name": "spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"product_id": "spacewalk-utils-extras-4.2.13-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-build-keys-15.3.5-3.3.1.noarch",
"product": {
"name": "susemanager-build-keys-15.3.5-3.3.1.noarch",
"product_id": "susemanager-build-keys-15.3.5-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"product": {
"name": "susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"product_id": "susemanager-build-keys-web-15.3.5-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-doc-indexes-4.2-12.8.1.noarch",
"product": {
"name": "susemanager-doc-indexes-4.2-12.8.1.noarch",
"product_id": "susemanager-doc-indexes-4.2-12.8.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.2-12.8.1.noarch",
"product": {
"name": "susemanager-docs_en-4.2-12.8.1.noarch",
"product_id": "susemanager-docs_en-4.2-12.8.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"product_id": "susemanager-docs_en-pdf-4.2-12.8.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.2.17-3.6.2.noarch",
"product": {
"name": "susemanager-schema-4.2.17-3.6.2.noarch",
"product_id": "susemanager-schema-4.2.17-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.2.17-3.6.2.noarch",
"product": {
"name": "susemanager-schema-sanity-4.2.17-3.6.2.noarch",
"product_id": "susemanager-schema-sanity-4.2.17-3.6.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.2.16-3.6.1.noarch",
"product": {
"name": "susemanager-sls-4.2.16-3.6.1.noarch",
"product_id": "susemanager-sls-4.2.16-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.2.8-3.6.1.noarch",
"product": {
"name": "susemanager-sync-data-4.2.8-3.6.1.noarch",
"product_id": "susemanager-sync-data-4.2.8-3.6.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-tftpsync-recv-4.2.4-3.3.2.noarch",
"product": {
"name": "susemanager-tftpsync-recv-4.2.4-3.3.2.noarch",
"product_id": "susemanager-tftpsync-recv-4.2.4-3.3.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.2.21-3.6.3.noarch",
"product": {
"name": "susemanager-web-libs-4.2.21-3.6.3.noarch",
"product_id": "susemanager-web-libs-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-debug-4.2.21-3.6.3.noarch",
"product": {
"name": "susemanager-web-libs-debug-4.2.21-3.6.3.noarch",
"product_id": "susemanager-web-libs-debug-4.2.21-3.6.3.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-config-modules-4.2.16-3.6.1.noarch",
"product": {
"name": "uyuni-config-modules-4.2.16-3.6.1.noarch",
"product_id": "uyuni-config-modules-4.2.16-3.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.0.5-8.3.2.ppc64le",
"product": {
"name": "inter-server-sync-0.0.5-8.3.2.ppc64le",
"product_id": "inter-server-sync-0.0.5-8.3.2.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.22-3.6.1.ppc64le",
"product": {
"name": "susemanager-4.2.22-3.6.1.ppc64le",
"product_id": "susemanager-4.2.22-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.ppc64le",
"product": {
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.ppc64le",
"product_id": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.22-3.6.1.ppc64le",
"product": {
"name": "susemanager-tools-4.2.22-3.6.1.ppc64le",
"product_id": "susemanager-tools-4.2.22-3.6.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.0.5-8.3.2.s390x",
"product": {
"name": "inter-server-sync-0.0.5-8.3.2.s390x",
"product_id": "inter-server-sync-0.0.5-8.3.2.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.22-3.6.1.s390x",
"product": {
"name": "susemanager-4.2.22-3.6.1.s390x",
"product_id": "susemanager-4.2.22-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.s390x",
"product": {
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.s390x",
"product_id": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.22-3.6.1.s390x",
"product": {
"name": "susemanager-tools-4.2.22-3.6.1.s390x",
"product_id": "susemanager-tools-4.2.22-3.6.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "inter-server-sync-0.0.5-8.3.2.x86_64",
"product": {
"name": "inter-server-sync-0.0.5-8.3.2.x86_64",
"product_id": "inter-server-sync-0.0.5-8.3.2.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-4.2.22-3.6.1.x86_64",
"product": {
"name": "susemanager-4.2.22-3.6.1.x86_64",
"product_id": "susemanager-4.2.22-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.x86_64",
"product": {
"name": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.x86_64",
"product_id": "susemanager-nodejs-sdk-devel-4.2.14-3.6.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.2.22-3.6.1.x86_64",
"product": {
"name": "susemanager-tools-4.2.22-3.6.1.x86_64",
"product_id": "susemanager-tools-4.2.22-3.6.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.2",
"product": {
"name": "SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch"
},
"product_reference": "branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cobbler-3.1.2-5.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch"
},
"product_reference": "cobbler-3.1.2-5.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cpu-mitigations-formula-0.4.0-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch"
},
"product_reference": "cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.0.5-8.3.2.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le"
},
"product_reference": "inter-server-sync-0.0.5-8.3.2.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.0.5-8.3.2.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x"
},
"product_reference": "inter-server-sync-0.0.5-8.3.2.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "inter-server-sync-0.0.5-8.3.2.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64"
},
"product_reference": "inter-server-sync-0.0.5-8.3.2.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "openvpn-formula-0.1.2-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch"
},
"product_reference": "openvpn-formula-0.1.2-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-exporters-formula-1.0.3-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch"
},
"product_reference": "prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "py26-compat-salt-2016.11.10-11.28.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch"
},
"product_reference": "py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "py27-compat-salt-3000.3-7.7.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch"
},
"product_reference": "py27-compat-salt-3000.3-7.7.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.2.13-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch"
},
"product_reference": "saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.2.12-4.6.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch"
},
"product_reference": "spacecmd-4.2.12-4.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-app-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-server-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.2.21-3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch"
},
"product_reference": "spacewalk-base-4.2.21-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.2.21-3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch"
},
"product_reference": "spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.2.21-3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.2.12-3.6.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch"
},
"product_reference": "spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.2.13-4.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch"
},
"product_reference": "spacewalk-client-tools-4.2.13-4.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.2.21-3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch"
},
"product_reference": "spacewalk-html-4.2.21-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.2.28-3.11.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch"
},
"product_reference": "spacewalk-java-4.2.28-3.11.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.2.28-3.11.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch"
},
"product_reference": "spacewalk-java-config-4.2.28-3.11.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.2.28-3.11.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch"
},
"product_reference": "spacewalk-java-lib-4.2.28-3.11.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.2.28-3.11.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-4.2.8-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch"
},
"product_reference": "spacewalk-setup-4.2.8-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.2.28-3.11.5.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch"
},
"product_reference": "spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-4.2.13-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch"
},
"product_reference": "spacewalk-utils-4.2.13-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-utils-extras-4.2.13-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch"
},
"product_reference": "spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.22-3.6.1.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le"
},
"product_reference": "susemanager-4.2.22-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.22-3.6.1.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x"
},
"product_reference": "susemanager-4.2.22-3.6.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.2.22-3.6.1.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64"
},
"product_reference": "susemanager-4.2.22-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-15.3.5-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch"
},
"product_reference": "susemanager-build-keys-15.3.5-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-build-keys-web-15.3.5-3.3.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch"
},
"product_reference": "susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-doc-indexes-4.2-12.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch"
},
"product_reference": "susemanager-doc-indexes-4.2-12.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.2-12.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch"
},
"product_reference": "susemanager-docs_en-4.2-12.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.2-12.8.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.2.17-3.6.2.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch"
},
"product_reference": "susemanager-schema-4.2.17-3.6.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.2.16-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch"
},
"product_reference": "susemanager-sls-4.2.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.2.8-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch"
},
"product_reference": "susemanager-sync-data-4.2.8-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.22-3.6.1.ppc64le as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le"
},
"product_reference": "susemanager-tools-4.2.22-3.6.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.22-3.6.1.s390x as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x"
},
"product_reference": "susemanager-tools-4.2.22-3.6.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.2.22-3.6.1.x86_64 as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64"
},
"product_reference": "susemanager-tools-4.2.22-3.6.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.2.21-3.6.3.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch"
},
"product_reference": "susemanager-web-libs-4.2.21-3.6.3.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-config-modules-4.2.16-3.6.1.noarch as component of SUSE Manager Server Module 4.2",
"product_id": "SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
},
"product_reference": "uyuni-config-modules-4.2.16-3.6.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-40323",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40323"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows log poisoning, and resultant Remote Code Execution, via an XMLRPC method that logs to the logfile for template injection.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40323",
"url": "https://www.suse.com/security/cve/CVE-2021-40323"
},
{
"category": "external",
"summary": "SUSE Bug 1189458 for CVE-2021-40323",
"url": "https://bugzilla.suse.com/1189458"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:26:33Z",
"details": "critical"
}
],
"title": "CVE-2021-40323"
},
{
"cve": "CVE-2021-40324",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows arbitrary file write operations via upload_log_data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40324",
"url": "https://www.suse.com/security/cve/CVE-2021-40324"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:26:33Z",
"details": "critical"
}
],
"title": "CVE-2021-40324"
},
{
"cve": "CVE-2021-40325",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"notes": [
{
"category": "general",
"text": "Cobbler before 3.3.0 allows authorization bypass for modification of settings.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-40325",
"url": "https://www.suse.com/security/cve/CVE-2021-40325"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.2:branch-network-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:cobbler-3.1.2-5.8.1.noarch",
"SUSE Manager Server Module 4.2:cpu-mitigations-formula-0.4.0-3.3.1.noarch",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.ppc64le",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.s390x",
"SUSE Manager Server Module 4.2:inter-server-sync-0.0.5-8.3.2.x86_64",
"SUSE Manager Server Module 4.2:openvpn-formula-0.1.2-3.3.1.noarch",
"SUSE Manager Server Module 4.2:prometheus-exporters-formula-1.0.3-3.6.1.noarch",
"SUSE Manager Server Module 4.2:py26-compat-salt-2016.11.10-11.28.6.1.noarch",
"SUSE Manager Server Module 4.2:py27-compat-salt-3000.3-7.7.8.1.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:python3-spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:saltboot-formula-0.1.1628156312.dbd0dec-3.3.1.noarch",
"SUSE Manager Server Module 4.2:spacecmd-4.2.12-4.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-app-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-applet-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-common-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-config-files-tool-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-iss-export-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-package-push-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-server-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-sql-postgresql-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-tools-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xml-export-libs-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-backend-xmlrpc-4.2.16-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-base-minimal-config-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-certs-tools-4.2.12-3.6.2.noarch",
"SUSE Manager Server Module 4.2:spacewalk-client-tools-4.2.13-4.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-html-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-config-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-lib-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-java-postgresql-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-setup-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-taskomatic-4.2.28-3.11.5.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:spacewalk-utils-extras-4.2.13-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-build-keys-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-build-keys-web-15.3.5-3.3.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-doc-indexes-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-docs_en-pdf-4.2-12.8.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-schema-4.2.17-3.6.2.noarch",
"SUSE Manager Server Module 4.2:susemanager-sls-4.2.16-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-sync-data-4.2.8-3.6.1.noarch",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.ppc64le",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.s390x",
"SUSE Manager Server Module 4.2:susemanager-tools-4.2.22-3.6.1.x86_64",
"SUSE Manager Server Module 4.2:susemanager-web-libs-4.2.21-3.6.3.noarch",
"SUSE Manager Server Module 4.2:uyuni-config-modules-4.2.16-3.6.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-09-20T15:26:33Z",
"details": "critical"
}
],
"title": "CVE-2021-40325"
}
]
}
WID-SEC-W-2023-2927
Vulnerability from csaf_certbund - Published: 2021-09-22 22:00 - Updated: 2023-11-14 23:00Summary
cobbler: Mehrere Schwachstellen
Severity
Hoch
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen ermöglicht.
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cobbler ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuführen, vertrauliche Informationen offenzulegen und Sicherheitsmaßnahmen zu umgehen.
Betroffene Betriebssysteme: - Linux
In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung ermöglicht, eines Fehlers in upload_log_data XMLRPC und einer unzulässigen Autorisierung beim Ändern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code als Root auszuführen und vertrauliche Informationen preiszugeben.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung ermöglicht, eines Fehlers in upload_log_data XMLRPC und einer unzulässigen Autorisierung beim Ändern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code als Root auszuführen und vertrauliche Informationen preiszugeben.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung ermöglicht, eines Fehlers in upload_log_data XMLRPC und einer unzulässigen Autorisierung beim Ändern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsmaßnahmen zu umgehen, beliebigen Code als Root auszuführen und vertrauliche Informationen preiszugeben.
Affected products
Known affected
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Ubuntu Linux
Ubuntu
|
cpe:/o:canonical:ubuntu_linux:-
|
— |
References
7 references
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Cobbler ist ein Linux Installationsserver, welcher die schnelle Einrichtung von Netzwerk-Installationsumgebungen erm\u00f6glicht.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in cobbler ausnutzen, um beliebigen Programmcode mit Administratorrechten auszuf\u00fchren, vertrauliche Informationen offenzulegen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-2927 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-2927.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-2927 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2927"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-6475-1 vom 2023-11-15",
"url": "https://ubuntu.com/security/notices/USN-6475-1"
},
{
"category": "external",
"summary": "Bugzilla Security Advisory vom 2021-09-22",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006840"
},
{
"category": "external",
"summary": "Bugzilla Security Advisory vom 2021-09-22",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006897"
},
{
"category": "external",
"summary": "Bugzilla Security Advisory vom 2021-09-22",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006904"
},
{
"category": "external",
"summary": "POC Code",
"url": "https://github.com/cobbler/cobbler/issues/2795"
}
],
"source_lang": "en-US",
"title": "cobbler: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2023-11-14T23:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:01:41.409+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-2927",
"initial_release_date": "2021-09-22T22:00:00.000+00:00",
"revision_history": [
{
"date": "2021-09-22T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2021-09-26T22:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: FEDORA-2021-3A640D3D4C, FEDORA-2021-4DEF184821, FEDORA-2021-5F1E30AA56"
},
{
"date": "2021-10-05T22:00:00.000+00:00",
"number": "3",
"summary": "Referenz(en) aufgenommen: GHSA-4CFR-GJFX-FJ3X, GHSA-CPQF-3C3R-C9G2, GHSA-CR3F-R24J-3CHW"
},
{
"date": "2023-11-14T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates von Ubuntu aufgenommen"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Open Source cobbler \u003c 3.2.2",
"product": {
"name": "Open Source cobbler \u003c 3.2.2",
"product_id": "T020455",
"product_identification_helper": {
"cpe": "cpe:/a:cobbler:cobbler:3.2.2"
}
}
},
{
"category": "product_name",
"name": "Open Source cobbler \u003c 3.3.0",
"product": {
"name": "Open Source cobbler \u003c 3.3.0",
"product_id": "T020456",
"product_identification_helper": {
"cpe": "cpe:/a:cobbler:cobbler:3.3.0"
}
}
}
],
"category": "product_name",
"name": "cobbler"
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-40323",
"notes": [
{
"category": "description",
"text": "In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung erm\u00f6glicht, eines Fehlers in upload_log_data XMLRPC und einer unzul\u00e4ssigen Autorisierung beim \u00c4ndern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code als Root auszuf\u00fchren und vertrauliche Informationen preiszugeben."
}
],
"product_status": {
"known_affected": [
"T000126"
]
},
"release_date": "2021-09-22T22:00:00.000+00:00",
"title": "CVE-2021-40323"
},
{
"cve": "CVE-2021-40324",
"notes": [
{
"category": "description",
"text": "In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung erm\u00f6glicht, eines Fehlers in upload_log_data XMLRPC und einer unzul\u00e4ssigen Autorisierung beim \u00c4ndern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code als Root auszuf\u00fchren und vertrauliche Informationen preiszugeben."
}
],
"product_status": {
"known_affected": [
"T000126"
]
},
"release_date": "2021-09-22T22:00:00.000+00:00",
"title": "CVE-2021-40324"
},
{
"cve": "CVE-2021-40325",
"notes": [
{
"category": "description",
"text": "In cobbler existieren mehrere Schwachstellen. Die Fehler bestehen aufgrund der Offenlegung einer XMLRPC-API-Schnittstelle, die die Anforderung von Informationen ohne Authentifizierung erm\u00f6glicht, eines Fehlers in upload_log_data XMLRPC und einer unzul\u00e4ssigen Autorisierung beim \u00c4ndern von Einstellungen. Ein entfernter anonymer Angreifer kann diese Schwachstellen ausnutzen, um Sicherheitsma\u00dfnahmen zu umgehen, beliebigen Code als Root auszuf\u00fchren und vertrauliche Informationen preiszugeben."
}
],
"product_status": {
"known_affected": [
"T000126"
]
},
"release_date": "2021-09-22T22:00:00.000+00:00",
"title": "CVE-2021-40325"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…