Overview

File _patchinfo of Package patchinfo.25442

<patchinfo incident="25442">
  <issue tracker="bnc" id="1202614">Deployment of SLE 15 SP4 terminal fails with "Unable to resize image"</issue>
  <issue tracker="bnc" id="1176460">ansible module nmcli is broken in ansible 2.9.13</issue>
  <issue tracker="bnc" id="1180816">VUL-0: CVE-2021-20178: ansible1,ansible: user data leak in snmp_facts module</issue>
  <issue tracker="bnc" id="1180942">VUL-0: CVE-2021-20180: ansible,ansible1: bitbucket_pipeline_variable exposes sensitive values</issue>
  <issue tracker="bnc" id="1181119">VUL-0: CVE-2021-20191: ansible1,ansible: multiple collections exposes secured values</issue>
  <issue tracker="bnc" id="1181935">VUL-0: CVE-2021-20228: ansible: basic.py no_log with fallback option</issue>
  <issue tracker="bnc" id="1183684">VUL-0: CVE-2021-3447: ansible: multiple modules expose secured values</issue>
  <issue tracker="bnc" id="1187725">VUL-0: CVE-2021-3620: ansible1,ansible: ansible-connection module discloses sensitive info in traceback error message</issue>
  <issue tracker="bnc" id="1188061">VUL-0: CVE-2021-3583: ansible: Template Injection through yaml multi-line strings with ansible facts used in template.</issue>
  <issue tracker="bnc" id="1193585">Zypper ref fails to find channels metadata on client behind a proxy</issue>
  <issue tracker="bnc" id="1197963">X-RHN-Auth-Channels: TypeError: 'NoneType' object does not support item assignment</issue>
  <issue tracker="bnc" id="1199528">Test VM does not appear on Traditional Virtualization Hosts in the UI and cannot be managed</issue>
  <issue tracker="bnc" id="1200142">provisioning fails through containerized proxy - works with vm-based proxy</issue>
  <issue tracker="bnc" id="1200591">spacecmd kickstart_export fails with traceback for RHEL kickstart files</issue>
  <issue tracker="bnc" id="1200968">TFTP container in containerization proxy is listening on wrong protocol</issue>
  <issue tracker="bnc" id="1200970">Dracut saltboot requires device-mapper but does not package it as a requirement</issue>
  <issue tracker="bnc" id="1201003">After upgrading to SUMA 4.3, spacecmd system_listmigrationtargets fails with "ValueError: too many values to unpack (expected 1)</issue>
  <issue tracker="jsc" id="SLE-23631"/>
  <issue tracker="jsc" id="SLE-24133"/>
  <issue tracker="jsc" id="SLE-24791"/>
  <issue tracker="cve" id="2021-3620"/>
  <issue tracker="cve" id="2021-3583"/>
  <issue tracker="cve" id="2021-3447"/>
  <issue tracker="cve" id="2021-20228"/>
  <issue tracker="cve" id="2021-20191"/>
  <issue tracker="cve" id="2021-20180"/>
  <issue tracker="cve" id="2021-20178"/>
  <packager>juliogonzalezgil</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Important security update for SUSE Manager Client Tools</summary>
  <description>This update fixes the following issues:

ansible:

- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
  * CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
  * CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
  * ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
- Update to 2.9.22:
  * CVE-2021-3447 (bsc#1183684) multiple modules expose secured values 
  * CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
  * CVE-2021-20191 (bsc#1181119) multiple collections exposes secured values
  * CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
  * CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
  * Update dracut-saltboot dependencies (bsc#1200970)
  * Fix network loading when ipappend is used in pxe config
  * Add new information messages

golang-github-QubitProducts-exporter_exporter:

- Remove license file from %doc

mgr-daemon:

- Version 4.3.5-1
  * Update translation strings

mgr-virtualization:

- Version 4.3.6-1
  * Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

- Exclude s390 arch

python-hwdata:

- Declare the LICENSE file as license and not doc

spacecmd:

- Version 4.3.14-1
  * Fix missing argument on system_listmigrationtargets (bsc#1201003)
  * Show correct help on calling kickstart_importjson with no arguments
  * Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
  * Change proxy container config default filename to end with tar.gz
  * Update translation strings

spacewalk-client-tools:

- Version 4.3.11-1
  * Update translation strings

uyuni-common-libs:

- Version 4.3.5-1
  * Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

- Version 4.3.6-1
  * Expose port 80 (bsc#1200142)
  * Use volumes rather than bind mounts
  * TFTPD to listen on udp port (bsc#1200968)
  * Add TAG variable in configuration 
  * Fix containers namespaces in configuration

zypp-plugin-spacewalk:

- 1.0.13
  * Log in before listing channels. (bsc#1197963, bsc#1193585)

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places