Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-13692 (GCVE-0-2020-13692)
Vulnerability from cvelistv5 – Published: 2020-06-04 15:07 – Updated: 2024-08-04 12:25
VLAI
EPSS
Summary
PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.
Severity
7.7 (High)
CWE
- n/a
Assigner
References
14 references
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:25:16.487Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-31T19:06:12.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2022/dsa-5196"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-13692",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65",
"refsource": "CONFIRM",
"url": "https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65"
},
{
"name": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13",
"refsource": "CONFIRM",
"url": "https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200619-0005/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200619-0005/"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4038: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] mmelko opened a new pull request #4037: Update pgjdbc driver verion, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd merged pull request #4037: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch master updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4037)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [camel] branch camel-3.4.x updated: Update pgjdbc driver version, that includes fix for CVE-2020-13692 (#4038)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[camel-commits] 20200723 [GitHub] [camel] oscerd commented on pull request #4038: Update pgjdbc driver version, that includes fix for CVE-2020-13692",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae@%3Ccommits.camel.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200731 [GitHub] [netbeans] pepness opened a new pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f@%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "[netbeans-notifications] 20200803 [GitHub] [netbeans] neilcsmith-net commented on pull request #2284: [NETBEANS-4664] - Upgrade JDBC PostgreSQL from 42.2.10 to 42.2.14",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977@%3Cnotifications.netbeans.apache.org%3E"
},
{
"name": "FEDORA-2020-5a31ccfe66",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/"
},
{
"name": "DSA-5196",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2022/dsa-5196"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-13692",
"datePublished": "2020-06-04T15:07:37.000Z",
"dateReserved": "2020-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T12:25:16.487Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-13692",
"date": "2026-06-15",
"epss": "0.04076",
"percentile": "0.89343"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"42.2.13\", \"matchCriteriaId\": \"C8345E93-0BD6-49FB-A82C-219E72541536\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.5.2\", \"matchCriteriaId\": \"2A9BF484-A446-4315-B748-F4723622C464\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.\"}, {\"lang\": \"es\", \"value\": \"PostgreSQL JDBC Driver (tambi\\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE\"}]",
"id": "CVE-2020-13692",
"lastModified": "2024-11-21T05:01:44.940",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H\", \"baseScore\": 7.7, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.5}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 6.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-06-04T16:15:12.657",
"references": "[{\"url\": \"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\", \"source\": \"cve@mitre.org\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200619-0005/\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5196\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20200619-0005/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2022/dsa-5196\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-611\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-13692\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-06-04T16:15:12.657\",\"lastModified\":\"2024-11-21T05:01:44.940\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.\"},{\"lang\":\"es\",\"value\":\"PostgreSQL JDBC Driver (tambi\u00e9n se conoce como PgJDBC) versiones anteriores a 42.2.13, permite un ataque de tipo XXE\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H\",\"baseScore\":7.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-611\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:postgresql:postgresql_jdbc_driver:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"42.2.13\",\"matchCriteriaId\":\"C8345E93-0BD6-49FB-A82C-219E72541536\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.5.2\",\"matchCriteriaId\":\"2A9BF484-A446-4315-B748-F4723622C464\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E94F7F59-1785-493F-91A7-5F5EA5E87E4D\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\",\"source\":\"cve@mitre.org\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200619-0005/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5196\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/pgjdbc/pgjdbc/commit/14b62aca4764d496813f55a43d050b017e01eb65\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r00bcc6b2da972e0d6332a4ebc7807e17305d8b8e7fb2ae63d2a3cbfb%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r01ae1b3d981cf2e563e9b5b0a6ea54fb3cac8e9a0512ee5269e3420e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r0478a1aa9ae0dbd79d8f7b38d0d93fa933ac232e2b430b6f31a103c0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r1aae77706aab7d89b4fe19be468fc3c73e9cc84ff79cc2c3bd07c05a%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r4bdea189c9991aae7a929d28f575ec46e49ed3d68fa5235825f38a4f%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r631f967db6260d6178740a3314a35d9421facd8212e62320275fa78e%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/r7f6d019839df17646ffd0046a99146cacf40492a6c92078f65fd32e0%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rb89f92aba44f524d5c270e0c44ca7aec4704691c37fe106cf73ec977%40%3Cnotifications.netbeans.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rfe363bf3a46d440ad57fd05c0e313025c7218364bbdc5fd8622ea7ae%40%3Ccommits.camel.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DCCAPM6FSNOC272DLSNQ6YHXS3OMHGJC/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20200619-0005/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2022/dsa-5196\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
}
}
RHSA-2021:0110
Vulnerability from csaf_redhat - Published: 2021-01-13 18:01 - Updated: 2026-05-14 22:30Summary
Red Hat Security Advisory: Red Hat Integration Tech-Preview 2 Camel K security update
Severity
Important
Notes
Topic: An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.
7.7 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration - Camel K - Tech-Preview 2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:integration:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0110",
"url": "https://access.redhat.com/errata/RHSA-2021:0110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2020-q4/html/release_notes_for_red_hat_integration_2020-q4/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2020-q4/html/release_notes_for_red_hat_integration_2020-q4/index"
},
{
"category": "external",
"summary": "1852985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0110.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Tech-Preview 2 Camel K security update",
"tracking": {
"current_release_date": "2026-05-14T22:30:44+00:00",
"generator": {
"date": "2026-05-14T22:30:44+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2021:0110",
"initial_release_date": "2021-01-13T18:01:20+00:00",
"revision_history": [
{
"date": "2021-01-13T18:01:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-01-13T18:01:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:30:44+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Integration - Camel K - Tech-Preview 2",
"product": {
"name": "Red Hat Integration - Camel K - Tech-Preview 2",
"product_id": "Red Hat Integration - Camel K - Tech-Preview 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13692",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2020-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1852985"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Integration - Camel K - Tech-Preview 2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13692"
},
{
"category": "external",
"summary": "RHBZ#1852985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692"
}
],
"release_date": "2020-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-01-13T18:01:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Integration - Camel K - Tech-Preview 2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Integration - Camel K - Tech-Preview 2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML"
}
]
}
RHSA-2021_0110
Vulnerability from csaf_redhat - Published: 2021-01-13 18:01 - Updated: 2024-11-15 08:40Summary
Red Hat Security Advisory: Red Hat Integration Tech-Preview 2 Camel K security update
Severity
Important
Notes
Topic: An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.
Security Fix(es):
* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.
7.7 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Red Hat Integration - Camel K - Tech-Preview 2
Red Hat / Red Hat Integration
|
cpe:/a:redhat:integration:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
References
9 references
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update to the Camel K operator image for Red Hat Integration tech-preview is now available. The purpose of this text-only errata is to inform you about the security issues fixed in this release.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release of Red Hat Integration - Camel K - Tech-Preview 2 serves as a replacement for tech-preview 1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.\n\nSecurity Fix(es):\n\n* postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML (CVE-2020-13692)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2021:0110",
"url": "https://access.redhat.com/errata/RHSA-2021:0110"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_integration/2020-q4/html/release_notes_for_red_hat_integration_2020-q4/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_integration/2020-q4/html/release_notes_for_red_hat_integration_2020-q4/index"
},
{
"category": "external",
"summary": "1852985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2021/rhsa-2021_0110.json"
}
],
"title": "Red Hat Security Advisory: Red Hat Integration Tech-Preview 2 Camel K security update",
"tracking": {
"current_release_date": "2024-11-15T08:40:40+00:00",
"generator": {
"date": "2024-11-15T08:40:40+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2021:0110",
"initial_release_date": "2021-01-13T18:01:20+00:00",
"revision_history": [
{
"date": "2021-01-13T18:01:20+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2021-01-13T18:01:20+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T08:40:40+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Integration - Camel K - Tech-Preview 2",
"product": {
"name": "Red Hat Integration - Camel K - Tech-Preview 2",
"product_id": "Red Hat Integration - Camel K - Tech-Preview 2",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:integration:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat Integration"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13692",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2020-06-04T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1852985"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in PostgreSQL JDBC in versions prior to 42.2.13. An XML External Entity (XXE) weakness was found in PostgreSQL JDBC. The highest threat from this vulnerability is to data confidentiality and system availability.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Red Hat Integration - Camel K - Tech-Preview 2"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2020-13692"
},
{
"category": "external",
"summary": "RHBZ#1852985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1852985"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2020-13692",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13692"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13692"
}
],
"release_date": "2020-06-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2021-01-13T18:01:20+00:00",
"details": "Before applying this update, make sure all previously released errata relevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"Red Hat Integration - Camel K - Tech-Preview 2"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2021:0110"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H",
"version": "3.1"
},
"products": [
"Red Hat Integration - Camel K - Tech-Preview 2"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "postgresql-jdbc: XML external entity (XXE) vulnerability in PgSQLXML"
}
]
}
SUSE-SU-2020:3466-1
Vulnerability from csaf_suse - Published: 2020-11-20 14:06 - Updated: 2020-11-20 14:06Summary
Security update for SUSE Manager Server 4.0
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Server 4.0
Description of the patch:
This update fixes the following issues:
bind-formula:
- Temporarily disable dnssec-validation as hotfix for bsc#1177790
- Update to version 0.1.1603299886.60e4bcf
grafana-formula:
- Use variable for product name
- Add support for system groups in Client Systems dashboard
postgresql-jdbc:
- Address CVE-2020-13692 (bsc#1172079)
- Add patch:
- Major changes since 9.4-1200:
* License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0
* Support PostgreSQL 9.5, 9.6, 10 11 and 12 added
* Support for PostgreSQL versions below 8.2 was dropped
* Support for JDK8, JDK9, JDK10, JDK11 and JDK12
* Support for JDK 1.4 and 1.5 was dropped
* Support for JDBC 4.2 added
* Add maxResultBuffer property
* Add caller push of binary data
* Read only transactions
* pkcs12 key functionality
* New 'escapeSyntaxCallMode' connection property
* Connection property to limit server error detail in exception
exceptions
* CancelQuery() to PGConnection public interface
* Support for large update counts (JDBC 4.2)
* Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY
* Expose parameter status messages (GUC_REPORT) to the user
* Log ignoring rollback when no transaction in progress
* Map inet type to InetAddress
* Change ISGENERATED to ISGENERATEDCOLUMN as per spec
* Support temporary replication slots in ReplicationCreateSlotBuilder
* Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns
* Return information on create replication slot, now the snapshot_name
is exported to allow a consistent snapshot in some uses cases
* `ssl=true` implies `sslmode=verify-full`, that is it requires valid
server certificate
* Support for `sslmode=allow/prefer/require`
* Added server hostname verification for non-default SSL factories in
`sslmode=verify-full` (CVE-2018-10936)
* PreparedStatement.setNull(int parameterIndex, int t, String typeName)
no longer ignores the typeName argument if it is not setNull
* Reduce the severity of the error log messages when an exception is
re-thrown. The error will be thrown to caller to be dealt with so no need
to log at this verbosity by pgjdbc
* Deprecate Fastpath API PR 903
* Support parenthesis in {oj ...} JDBC escape syntax
* socksProxyHost is ignored in case it contains empty string
* Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+)
using the Ongres SCRAM library
* Make SELECT INTO and CREATE TABLE AS return row counts to the client in
their command tags
* Support Subject Alternative Names for SSL connections
* Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column
* Support for primitive arrays PR 887 3e0491a
* Implement support for get/setNetworkTimeout() in connections
* Make GSS JAAS login optional, add an option 'jaasLogin'
* Improve behaviour of ResultSet.getObject(int, Class)
* Parse CommandComplete message using a regular expression, allows complete
catch of server returned commands for INSERT, UPDATE, DELETE, SELECT,
FETCH, MOVE,COPY and future commands.
* Use 'time with timezone' and 'timestamp with timezone' as is and ignore the
user provided Calendars, 'time' and 'timestamp' work as earlier except
'00:00:00' now maps to 1970-01-01 and '24:00:00' uses the system provided
Calendar ignoring the user-provided one
* Change behaviour of multihost connection. The new behaviour is to try all
secondaries first before trying the master
* Drop support for the (insecure) crypt authentication method
* slave and preferSlave values for the targetServerType connection property
have been deprecated in favour of secondary and preferSecondary
respectively
* Statements with non-zero fetchSize no longer require server-side
named handle. This might cause issues when using old PostgreSQL versions
(pre-8.4)+fetchSize+interleaved ResultSet processing combo
* Better logic for returning keyword detection. Previously, pgjdbc could be
defeated by column names that contain returning, so pgjdbc failed to
'return generated keys' as it considered statement as already having
returning keyword
* Use server-prepared statements for batch inserts when prepareThreshold>0.
This enables batch to use server-prepared from the first executeBatch()
execution (previously it waited for prepareThreshold executeBatch() calls)
* Replication protocol API was added: replication API documentation
* java.util.logging is now used for logging: logging documentation
* Add support for PreparedStatement.setCharacterStream(int, Reader)
* Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc could
use server-prepared statements for batch execution even with
prepareThreshold=0
* Error position is displayed when SQL has unterminated literals,
comments, etc
* Strict handling of accepted values in getBoolean and setObject(BOOLEAN),
now it follows PostgreSQL accepted values, only 1 and 0 for numeric types
are acepted (previusly !=0 was true)
* Deprecated PGPoolingDataSource, instead of this class you should use a
fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp,
c3p0, etc
* 'current transaction is aborted' exception includes the original exception
via caused-by chain
* Better support for RETURNGENERATEDKEYS, statements with RETURNING clause
* Avoid user-visible prepared-statement errors if client uses
DEALLOCATE/DISCARD statements (invalidate cache when those statements
detected)
* Avoid user-visible prepared-statement errors if client changes searchpath
(invalidate cache when set searchpath detected)
* Support comments when replacing {fn ...} JDBC syntax
* Support for Types.REF_CURSOR
* Performance optimization for timestamps (~TimeZone.getDefault optimization)
* Ability to customize socket factory (e.g. for unix domain sockets)
* Ignore empty sub-queries in composite queries
* Add equality support to PSQLState
* Improved composite/array type support and type naming changes.
- Update to version 42.2.10
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10
- Update to version 42.2.9
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9
- Update to version 42.2.8
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8
- Update to version 42.2.7
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7
- Update to version 42.2.6
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6
- Update to version 42.2.5
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5
- Update to version 42.2.4
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4
- Update to version 42.2.3
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3
- Update to version 42.2.2
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2
- Update to version 42.2.1
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1
- Update to version 42.2.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0
- Update to version 42.1.4
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4
- Update to version 42.1.3
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3
- Update to version 42.1.2
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2
- Update to version 42.1.1
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
- Update to version 42.1.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
- Update to version 42.2.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0
- Update to version 9.4.1211
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211
- Update to version 9.4.1210
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210
- Update to version 9.4.1209
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209
- Update to version 9.4.1208
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208
- Update to version 9.4.1207
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207
- Update to version 9.4.1206
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206
- Update to version 9.4.1205
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
- Update to version 9.4.1204
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
- Update to version 9.4.1203
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203
- Update to version 9.4.1202
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202
- Update to version 9.4.1201
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201
prometheus-exporters-formula:
- Fix empty directory values initialization
- Disable reverse proxy on default
prometheus-formula:
- Update to version 0.2.3
- Disable Alertmanager clustering (bsc#1178145)
- Update to version 0.2.2
- Use variable for product name
salt-netapi-client:
- Version 0.18.0
See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0
spacewalk-admin:
- Use the license macro to mark the LICENSE in the package so that
when installing without docs, it does install the LICENSE file
- Prevent javax.net.ssl.SSLHandshakeException after upgrading from
SUSE Manager 3.2 (bsc#1177435)
spacewalk-backend:
- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)
- Fix unique machine_id detection (bsc#1176074)
spacewalk-java:
- Revert: Sync state modules when starting action chain execution (bsc#1177336)
- Sync state modules when starting action chain execution (bsc#1177336)
- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)
- Log token verify errors and check for expired tokens
- Execute Salt SSH actions in parallel (bsc#1173199)
- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)
- Fix action chain resuming when patches updating salt-minion don't cause service to be
restarted (bsc#1144447)
- Renaming autoinstall distro didn't change the name of the Cobbler distro (bsc#1175876)
spacewalk-web:
- Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)
- Don't allow selecting spice for Xen PV and PVH guests
susemanager:
- Add --force to mgr-create-bootstrap-repo to enforce generation
even when some products are not synchronized
susemanager-schema:
- Execute Salt SSH actions in parallel (bsc#1173199)
susemanager-sls:
- Revert: Sync state modules when starting action chain execution (bsc#1177336)
- Sync state modules when starting action chain execution (bsc#1177336)
- Fix grub2 autoinstall kernel path (bsc#1178060)
- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer
- Fix action chain resuming when patches updating salt-minion don't cause service to be
restarted (bsc#1144447)
- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames: SUSE-2020-3466,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
Threats
Impact
important
5.6 (Medium)
Affected products
Recommended
41 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
24 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.0",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThis update fixes the following issues:\n\nbind-formula:\n\n- Temporarily disable dnssec-validation as hotfix for bsc#1177790\n- Update to version 0.1.1603299886.60e4bcf\n\ngrafana-formula:\n\n- Use variable for product name\n- Add support for system groups in Client Systems dashboard\n\npostgresql-jdbc:\n\n- Address CVE-2020-13692 (bsc#1172079)\n- Add patch:\n- Major changes since 9.4-1200:\n * License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0\n * Support PostgreSQL 9.5, 9.6, 10 11 and 12 added\n * Support for PostgreSQL versions below 8.2 was dropped\n * Support for JDK8, JDK9, JDK10, JDK11 and JDK12\n * Support for JDK 1.4 and 1.5 was dropped\n * Support for JDBC 4.2 added\n * Add maxResultBuffer property\n * Add caller push of binary data\n * Read only transactions\n * pkcs12 key functionality\n * New \u0027escapeSyntaxCallMode\u0027 connection property\n * Connection property to limit server error detail in exception\n exceptions\n * CancelQuery() to PGConnection public interface\n * Support for large update counts (JDBC 4.2)\n * Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY\n * Expose parameter status messages (GUC_REPORT) to the user\n * Log ignoring rollback when no transaction in progress\n * Map inet type to InetAddress\n * Change ISGENERATED to ISGENERATEDCOLUMN as per spec\n * Support temporary replication slots in ReplicationCreateSlotBuilder\n * Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns\n * Return information on create replication slot, now the snapshot_name\n is exported to allow a consistent snapshot in some uses cases\n * `ssl=true` implies `sslmode=verify-full`, that is it requires valid\n server certificate\n * Support for `sslmode=allow/prefer/require`\n * Added server hostname verification for non-default SSL factories in\n `sslmode=verify-full` (CVE-2018-10936)\n * PreparedStatement.setNull(int parameterIndex, int t, String typeName)\n no longer ignores the typeName argument if it is not setNull\n * Reduce the severity of the error log messages when an exception is\n re-thrown. The error will be thrown to caller to be dealt with so no need\n to log at this verbosity by pgjdbc\n * Deprecate Fastpath API PR 903\n * Support parenthesis in {oj ...} JDBC escape syntax\n * socksProxyHost is ignored in case it contains empty string\n * Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+)\n using the Ongres SCRAM library\n * Make SELECT INTO and CREATE TABLE AS return row counts to the client in\n their command tags\n * Support Subject Alternative Names for SSL connections\n * Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column\n * Support for primitive arrays PR 887 3e0491a\n * Implement support for get/setNetworkTimeout() in connections\n * Make GSS JAAS login optional, add an option \u0027jaasLogin\u0027\n * Improve behaviour of ResultSet.getObject(int, Class)\n * Parse CommandComplete message using a regular expression, allows complete\n catch of server returned commands for INSERT, UPDATE, DELETE, SELECT,\n FETCH, MOVE,COPY and future commands.\n * Use \u0027time with timezone\u0027 and \u0027timestamp with timezone\u0027 as is and ignore the\n user provided Calendars, \u0027time\u0027 and \u0027timestamp\u0027 work as earlier except\n \u002700:00:00\u0027 now maps to 1970-01-01 and \u002724:00:00\u0027 uses the system provided\n Calendar ignoring the user-provided one\n * Change behaviour of multihost connection. The new behaviour is to try all\n secondaries first before trying the master\n * Drop support for the (insecure) crypt authentication method\n * slave and preferSlave values for the targetServerType connection property\n have been deprecated in favour of secondary and preferSecondary\n respectively\n * Statements with non-zero fetchSize no longer require server-side\n named handle. This might cause issues when using old PostgreSQL versions\n (pre-8.4)+fetchSize+interleaved ResultSet processing combo\n * Better logic for returning keyword detection. Previously, pgjdbc could be\n defeated by column names that contain returning, so pgjdbc failed to\n \u0027return generated keys\u0027 as it considered statement as already having\n returning keyword\n * Use server-prepared statements for batch inserts when prepareThreshold\u003e0.\n This enables batch to use server-prepared from the first executeBatch()\n execution (previously it waited for prepareThreshold executeBatch() calls)\n * Replication protocol API was added: replication API documentation\n * java.util.logging is now used for logging: logging documentation\n * Add support for PreparedStatement.setCharacterStream(int, Reader)\n * Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc could\n use server-prepared statements for batch execution even with\n prepareThreshold=0\n * Error position is displayed when SQL has unterminated literals,\n comments, etc\n * Strict handling of accepted values in getBoolean and setObject(BOOLEAN),\n now it follows PostgreSQL accepted values, only 1 and 0 for numeric types\n are acepted (previusly !=0 was true)\n * Deprecated PGPoolingDataSource, instead of this class you should use a\n fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp,\n c3p0, etc\n * \u0027current transaction is aborted\u0027 exception includes the original exception\n via caused-by chain\n * Better support for RETURNGENERATEDKEYS, statements with RETURNING clause\n * Avoid user-visible prepared-statement errors if client uses\n DEALLOCATE/DISCARD statements (invalidate cache when those statements\n detected)\n * Avoid user-visible prepared-statement errors if client changes searchpath\n (invalidate cache when set searchpath detected)\n * Support comments when replacing {fn ...} JDBC syntax\n * Support for Types.REF_CURSOR\n * Performance optimization for timestamps (~TimeZone.getDefault optimization)\n * Ability to customize socket factory (e.g. for unix domain sockets)\n * Ignore empty sub-queries in composite queries\n * Add equality support to PSQLState\n * Improved composite/array type support and type naming changes.\n- Update to version 42.2.10\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10\n- Update to version 42.2.9\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9\n- Update to version 42.2.8\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8\n- Update to version 42.2.7\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7\n- Update to version 42.2.6\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6\n- Update to version 42.2.5\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5\n- Update to version 42.2.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4\n- Update to version 42.2.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3\n- Update to version 42.2.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2\n- Update to version 42.2.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0\n- Update to version 42.1.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4\n- Update to version 42.1.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3\n- Update to version 42.1.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2\n- Update to version 42.1.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.1.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0\n- Update to version 9.4.1211\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211\n- Update to version 9.4.1210\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210\n- Update to version 9.4.1209\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209\n- Update to version 9.4.1208\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208\n- Update to version 9.4.1207\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207\n- Update to version 9.4.1206\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206\n- Update to version 9.4.1205\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1204\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1203\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203\n- Update to version 9.4.1202\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202\n- Update to version 9.4.1201\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201\n\nprometheus-exporters-formula:\n\n- Fix empty directory values initialization\n- Disable reverse proxy on default\n\nprometheus-formula:\n\n- Update to version 0.2.3\n- Disable Alertmanager clustering (bsc#1178145)\n- Update to version 0.2.2\n- Use variable for product name\n\nsalt-netapi-client:\n\n- Version 0.18.0\n See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0\n\nspacewalk-admin:\n\n- Use the license macro to mark the LICENSE in the package so that\n when installing without docs, it does install the LICENSE file\n- Prevent javax.net.ssl.SSLHandshakeException after upgrading from\n SUSE Manager 3.2 (bsc#1177435)\n\nspacewalk-backend:\n\n- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)\n- Fix unique machine_id detection (bsc#1176074)\n\nspacewalk-java:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)\n- Log token verify errors and check for expired tokens\n- Execute Salt SSH actions in parallel (bsc#1173199)\n- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)\n- Fix action chain resuming when patches updating salt-minion don\u0027t cause service to be\n restarted (bsc#1144447)\n- Renaming autoinstall distro didn\u0027t change the name of the Cobbler distro (bsc#1175876)\n\nspacewalk-web:\n\n- Fix link to documentation in Admin -\u003e Manager Configuration -\u003e Monitoring (bsc#1176172)\n- Don\u0027t allow selecting spice for Xen PV and PVH guests\n\nsusemanager:\n\n- Add --force to mgr-create-bootstrap-repo to enforce generation\n even when some products are not synchronized\n\nsusemanager-schema:\n\n- Execute Salt SSH actions in parallel (bsc#1173199)\n\nsusemanager-sls:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix grub2 autoinstall kernel path (bsc#1178060)\n- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer\n- Fix action chain resuming when patches updating salt-minion don\u0027t cause service to be\n restarted (bsc#1144447)\n- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3466,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3466-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3466-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203466-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3466-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007827.html"
},
{
"category": "self",
"summary": "SUSE Bug 1144447",
"url": "https://bugzilla.suse.com/1144447"
},
{
"category": "self",
"summary": "SUSE Bug 1172079",
"url": "https://bugzilla.suse.com/1172079"
},
{
"category": "self",
"summary": "SUSE Bug 1173199",
"url": "https://bugzilla.suse.com/1173199"
},
{
"category": "self",
"summary": "SUSE Bug 1175739",
"url": "https://bugzilla.suse.com/1175739"
},
{
"category": "self",
"summary": "SUSE Bug 1175876",
"url": "https://bugzilla.suse.com/1175876"
},
{
"category": "self",
"summary": "SUSE Bug 1175987",
"url": "https://bugzilla.suse.com/1175987"
},
{
"category": "self",
"summary": "SUSE Bug 1176074",
"url": "https://bugzilla.suse.com/1176074"
},
{
"category": "self",
"summary": "SUSE Bug 1176172",
"url": "https://bugzilla.suse.com/1176172"
},
{
"category": "self",
"summary": "SUSE Bug 1177336",
"url": "https://bugzilla.suse.com/1177336"
},
{
"category": "self",
"summary": "SUSE Bug 1177435",
"url": "https://bugzilla.suse.com/1177435"
},
{
"category": "self",
"summary": "SUSE Bug 1177790",
"url": "https://bugzilla.suse.com/1177790"
},
{
"category": "self",
"summary": "SUSE Bug 1178060",
"url": "https://bugzilla.suse.com/1178060"
},
{
"category": "self",
"summary": "SUSE Bug 1178145",
"url": "https://bugzilla.suse.com/1178145"
},
{
"category": "self",
"summary": "SUSE Bug 1178195",
"url": "https://bugzilla.suse.com/1178195"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-10936 page",
"url": "https://www.suse.com/security/cve/CVE-2018-10936/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13692 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13692/"
}
],
"title": "Security update for SUSE Manager Server 4.0",
"tracking": {
"current_release_date": "2020-11-20T14:06:24Z",
"generator": {
"date": "2020-11-20T14:06:24Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3466-1",
"initial_release_date": "2020-11-20T14:06:24Z",
"revision_history": [
{
"date": "2020-11-20T14:06:24Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.0.32-3.46.1.aarch64",
"product": {
"name": "susemanager-4.0.32-3.46.1.aarch64",
"product_id": "susemanager-4.0.32-3.46.1.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.32-3.46.1.aarch64",
"product": {
"name": "susemanager-tools-4.0.32-3.46.1.aarch64",
"product_id": "susemanager-tools-4.0.32-3.46.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"product": {
"name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"product_id": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch"
}
},
{
"category": "product_version",
"name": "grafana-formula-0.2.2-4.13.1.noarch",
"product": {
"name": "grafana-formula-0.2.2-4.13.1.noarch",
"product_id": "grafana-formula-0.2.2-4.13.1.noarch"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-42.2.10-3.3.1.noarch",
"product": {
"name": "postgresql-jdbc-42.2.10-3.3.1.noarch",
"product_id": "postgresql-jdbc-42.2.10-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch",
"product": {
"name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch",
"product_id": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch"
}
},
{
"category": "product_version",
"name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"product": {
"name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"product_id": "prometheus-exporters-formula-0.7.5-3.16.1.noarch"
}
},
{
"category": "product_version",
"name": "prometheus-formula-0.2.3-4.16.1.noarch",
"product": {
"name": "prometheus-formula-0.2.3-4.16.1.noarch",
"product_id": "prometheus-formula-0.2.3-4.16.1.noarch"
}
},
{
"category": "product_version",
"name": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product": {
"name": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product_id": "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"product": {
"name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"product_id": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product": {
"name": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product_id": "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch"
}
},
{
"category": "product_version",
"name": "salt-netapi-client-0.18.0-4.12.1.noarch",
"product": {
"name": "salt-netapi-client-0.18.0-4.12.1.noarch",
"product_id": "salt-netapi-client-0.18.0-4.12.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-admin-4.0.12-3.15.1.noarch",
"product": {
"name": "spacewalk-admin-4.0.12-3.15.1.noarch",
"product_id": "spacewalk-admin-4.0.12-3.15.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-app-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-app-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-applet-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-cdn-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-iss-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-libs-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-server-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-server-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-sql-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-tools-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.0.25-3.36.1.noarch",
"product": {
"name": "spacewalk-base-4.0.25-3.36.1.noarch",
"product_id": "spacewalk-base-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"product": {
"name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"product_id": "spacewalk-base-minimal-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"product_id": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.0.25-3.36.1.noarch",
"product": {
"name": "spacewalk-dobby-4.0.25-3.36.1.noarch",
"product_id": "spacewalk-dobby-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.0.25-3.36.1.noarch",
"product": {
"name": "spacewalk-html-4.0.25-3.36.1.noarch",
"product_id": "spacewalk-html-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-java-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-java-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-java-config-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-java-config-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-java-lib-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-java-lib-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"product": {
"name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"product_id": "spacewalk-taskomatic-4.0.40-3.48.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.0.23-3.32.1.noarch",
"product": {
"name": "susemanager-schema-4.0.23-3.32.1.noarch",
"product_id": "susemanager-schema-4.0.23-3.32.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.0.23-3.32.1.noarch",
"product": {
"name": "susemanager-schema-sanity-4.0.23-3.32.1.noarch",
"product_id": "susemanager-schema-sanity-4.0.23-3.32.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.0.31-3.37.1.noarch",
"product": {
"name": "susemanager-sls-4.0.31-3.37.1.noarch",
"product_id": "susemanager-sls-4.0.31-3.37.1.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.0.25-3.36.1.noarch",
"product": {
"name": "susemanager-web-libs-4.0.25-3.36.1.noarch",
"product_id": "susemanager-web-libs-4.0.25-3.36.1.noarch"
}
},
{
"category": "product_version",
"name": "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product": {
"name": "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch",
"product_id": "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.0.32-3.46.1.ppc64le",
"product": {
"name": "susemanager-4.0.32-3.46.1.ppc64le",
"product_id": "susemanager-4.0.32-3.46.1.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.32-3.46.1.ppc64le",
"product": {
"name": "susemanager-tools-4.0.32-3.46.1.ppc64le",
"product_id": "susemanager-tools-4.0.32-3.46.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.0.32-3.46.1.s390x",
"product": {
"name": "susemanager-4.0.32-3.46.1.s390x",
"product_id": "susemanager-4.0.32-3.46.1.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.32-3.46.1.s390x",
"product": {
"name": "susemanager-tools-4.0.32-3.46.1.s390x",
"product_id": "susemanager-tools-4.0.32-3.46.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.0.32-3.46.1.x86_64",
"product": {
"name": "susemanager-4.0.32-3.46.1.x86_64",
"product_id": "susemanager-4.0.32-3.46.1.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.0.32-3.46.1.x86_64",
"product": {
"name": "susemanager-tools-4.0.32-3.46.1.x86_64",
"product_id": "susemanager-tools-4.0.32-3.46.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.0",
"product": {
"name": "SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.0"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch"
},
"product_reference": "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "grafana-formula-0.2.2-4.13.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch"
},
"product_reference": "grafana-formula-0.2.2-4.13.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.2.10-3.3.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch"
},
"product_reference": "postgresql-jdbc-42.2.10-3.3.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-exporters-formula-0.7.5-3.16.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch"
},
"product_reference": "prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "prometheus-formula-0.2.3-4.16.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch"
},
"product_reference": "prometheus-formula-0.2.3-4.16.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch"
},
"product_reference": "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "salt-netapi-client-0.18.0-4.12.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch"
},
"product_reference": "salt-netapi-client-0.18.0-4.12.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-admin-4.0.12-3.15.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch"
},
"product_reference": "spacewalk-admin-4.0.12-3.15.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-app-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-server-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch"
},
"product_reference": "spacewalk-base-4.0.25-3.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch"
},
"product_reference": "spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch"
},
"product_reference": "spacewalk-html-4.0.25-3.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch"
},
"product_reference": "spacewalk-java-4.0.40-3.48.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch"
},
"product_reference": "spacewalk-java-config-4.0.40-3.48.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch"
},
"product_reference": "spacewalk-java-lib-4.0.40-3.48.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch"
},
"product_reference": "spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le"
},
"product_reference": "susemanager-4.0.32-3.46.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x"
},
"product_reference": "susemanager-4.0.32-3.46.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64"
},
"product_reference": "susemanager-4.0.32-3.46.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.0.23-3.32.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch"
},
"product_reference": "susemanager-schema-4.0.23-3.32.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.0.31-3.37.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch"
},
"product_reference": "susemanager-sls-4.0.31-3.37.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le"
},
"product_reference": "susemanager-tools-4.0.32-3.46.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x"
},
"product_reference": "susemanager-tools-4.0.32-3.46.1.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64"
},
"product_reference": "susemanager-tools-4.0.32-3.46.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0",
"product_id": "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
},
"product_reference": "susemanager-web-libs-4.0.25-3.36.1.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.0"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-10936",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-10936"
}
],
"notes": [
{
"category": "general",
"text": "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-10936",
"url": "https://www.suse.com/security/cve/CVE-2018-10936"
},
{
"category": "external",
"summary": "SUSE Bug 1106539 for CVE-2018-10936",
"url": "https://bugzilla.suse.com/1106539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T14:06:24Z",
"details": "important"
}
],
"title": "CVE-2018-10936"
},
{
"cve": "CVE-2020-13692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13692"
}
],
"notes": [
{
"category": "general",
"text": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13692",
"url": "https://www.suse.com/security/cve/CVE-2020-13692"
},
{
"category": "external",
"summary": "SUSE Bug 1172746 for CVE-2020-13692",
"url": "https://bugzilla.suse.com/1172746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch",
"SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch",
"SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch",
"SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch",
"SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x",
"SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64",
"SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-11-20T14:06:24Z",
"details": "moderate"
}
],
"title": "CVE-2020-13692"
}
]
}
SUSE-SU-2020:3781-1
Vulnerability from csaf_suse - Published: 2020-12-14 11:01 - Updated: 2020-12-14 11:01Summary
Security update for SUSE Manager Server 4.1
Severity
Moderate
Notes
Title of the patch: Security update for SUSE Manager Server 4.1
Description of the patch: This update fixes the following issues:
image-sync-formula:
- Send image_synced event to master
postgresql-jdbc:
- Address CVE-2020-13692 (bsc#1172079)
pxe-yomi-image-sle15:
- Update config.sh based on last JeOS template
- Update JEOS_LOCALE to en_US.UTF-8
- Support config{_url}{_name} for user provided configuration
python-susemanager-retail:
- Handle organizations in retail_create_delta
saltboot-formula:
- Support older SLE11 cryptsetup (bsc#1172287)
- Use images with 'synced' flag
spacecmd:
- Fix: make spacecmd build on Debian
spacewalk-admin:
- Use the license macro to mark the LICENSE in the package so that
when installing without docs, it does install the LICENSE file
- Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE Manager 3.2 (bsc#1177435)
spacewalk-backend:
- Fix missing `LiteServer.add_suse_products` method (bsc#1178704)
- Do not raise TypeError when processing SUSE products (bsc#1178704)
- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories
- Fix errors in spacewalk-debug and align postgresql queries to new DB version
- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)
- Re-enables possibility to use local repos with repo-sync (bsc#1175607)
- Add `allow_vendor_change` option to rhn clients for dist upgrades
spacewalk-certs-tools:
- Improve check for correct CA trust store directory (bsc#1176417)
spacewalk-client-tools:
- Update translations
spacewalk-java:
- Update content sensitive help links
- Update exception message in findSyncedMandatoryChannels
- Report resolved module dependencies on CLM project details page
- Allow creating custom ULN repositories with uln:// urls
- Change message 'Minion is down' to be more accurate
- Localize documentation links
- Temp: revert Sync state modules when starting action chain execution (bsc#1177336)
- Fix check for available products on ISS Slaves (bsc#1177184)
- XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)
- Get media.1/products for cloned channels (bsc#1178303)
- Calculate size to truncate a history message based on the htmlified version (bsc#1178503)
- Make image pillar visible only in buildhost organization
- Maintain list of synced images in pillar
- Enable validation of Content Lifecycle Management entities in the XMLRPC API (bsc#1177706)
- Fix the order of the arguments in the XMLRPC API doc for contentmanagement.buildProject (bsc#1177704)
- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)
- Log token verify errors and check for expired tokens
- Show only kernel options in advanced autoinstallation page when working with a salt minion (bsc#1177767)
- Show cluster upgrade plan in the upgrade UI
- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)
- Add new allowVendorChange flag for dist upgrades
- Sync state modules when starting action chain execution (bsc#1177336)
- Enable redfish power management by default
spacewalk-search:
- Add multi lang support to the document search
spacewalk-setup:
- Add sock_pool_size setting by default for better performance
spacewalk-web:
- Update content sensitive help links
- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)
- Fix the search panel in CLM filters page
- Localize documentation links
- Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)
- Show cluster upgrade plan in the upgrade UI
- Don't allow selecting spice for Xen PV and PVH guests
supportutils-plugin-susemanager:
- Remove checks for obsolete packages
- Gather new configfiles
- Add more important informations
susemanager:
- Adapt Debian10 bootstrap repository definition for salt on Python 3
- Add --force to mgr-create-bootstrap-repo to enforce generation
even when some products are not synchronized
susemanager-doc-indexes:
- Added warning about local repositories in the Clients Configuration Guide
- Removed duplicate contact method entry in Client Configuration Guide
- Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide
- Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide
- Added Salt Minion file contact method to Client Configuration Guide
- Added Redfish to power management protocols section
- Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)
- Added procedure for adding virtualization guests to the Client Configuration Guide
- New guide added: Quickstart SAP Guide
- Add multilang support
susemanager-docs_en:
- Added warning about local repositories in the Clients Configuration Guide
- Removed duplicate contact method entry in Client Configuration Guide
- Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide
- Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide
- Added Salt Minion file contact method to Client Configuration Guide
- Added Redfish to power management protocols section
- Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)
- Added procedure for adding virtualization guests to the Client Configuration Guide
- New guide added: Quickstart SAP Guide
- Add multilang support
mgr-libmod:
- Fix `module not found` exception handling. (bsc#1179257)
susemanager-frontend-libs:
- Update Bootstrap to 3.1.0
susemanager-schema:
- Move dist upgrade SQL file to the correct directory so it gets picked up in schema upgrades (bsc#1179759)
- Add `preferred_docs_locale` to UserInfo table
- Add new column to rhnactiondup table for allowVendorChange flag
susemanager-sls:
- Fix: sync before start action chains (bsc#1177336)
- Temp: revert Sync state modules when starting action chain execution (bsc#1177336)
- Handle group- and org-specific image pillars
- Use require in reboot trigger (bsc#1177767)
- Add pillar option to get allowVendorChange option during dist upgrade
- Sync state modules when starting action chain execution (bsc#1177336)
susemanager-sync-data:
- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS
- Remove duplicate repo definition
uyuni-cluster-provider-caasp:
- Show the cluster upgrade plan in the UI
yomi-formula:
- Update to version 0.0.1+git.1604593202.a2c22bf:
* storage: hide mountpoint if no filesystem
* software: migrate repos as certs
* software: add verify parameter
* _grains: efi grains are in Salt now
* software: transfer current repository
* software: add repository options
* lvm: fix indentation
* partitioned: fix parted call and tests
- Update to version 0.0.1+git.1601999695.6141130:
* README: add user provided config
- Update to version 0.0.1+git.1598948600.9a9eab0:
* Replace fdisk with parted in partitioned
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames: SUSE-2020-3781,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3781
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.6 (Medium)
Affected products
Recommended
56 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Manager Server Module 4.1:image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:mgr-libmod-4.1.5-3.8.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-3.3.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-spacewalk-client-tools-4.1.8-4.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacecmd-4.1.9-4.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-admin-4.1.8-3.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-4.1.21-3.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.21-3.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.21-3.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.14-3.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-client-tools-4.1.8-4.9.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-html-4.1.21-3.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-4.1.24-3.19.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.24-3.19.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.24-3.19.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.24-3.19.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-search-4.1.4-3.6.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-setup-4.1.7-3.6.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.24-3.19.6.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:supportutils-plugin-susemanager-4.1.4-3.3.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.20.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.20.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.20.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.1-3.6.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-schema-4.1.17-3.16.2.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-sls-4.1.18-3.16.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.8-3.6.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.21-3.12.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:uyuni-config-modules-4.1.18-3.16.5.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
29 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for SUSE Manager Server 4.1",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update fixes the following issues:\n\nimage-sync-formula:\n\n- Send image_synced event to master\n\npostgresql-jdbc:\n\n- Address CVE-2020-13692 (bsc#1172079)\n\npxe-yomi-image-sle15:\n\n- Update config.sh based on last JeOS template\n- Update JEOS_LOCALE to en_US.UTF-8\n- Support config{_url}{_name} for user provided configuration\n\npython-susemanager-retail:\n\n- Handle organizations in retail_create_delta\n\nsaltboot-formula:\n\n- Support older SLE11 cryptsetup (bsc#1172287)\n- Use images with \u0027synced\u0027 flag\n\nspacecmd:\n\n- Fix: make spacecmd build on Debian\n\nspacewalk-admin:\n\n- Use the license macro to mark the LICENSE in the package so that\n when installing without docs, it does install the LICENSE file\n- Prevent javax.net.ssl.SSLHandshakeException after upgrading from SUSE Manager 3.2 (bsc#1177435)\n\nspacewalk-backend:\n\n- Fix missing `LiteServer.add_suse_products` method (bsc#1178704)\n- Do not raise TypeError when processing SUSE products (bsc#1178704)\n- Fix spacewalk-repo-sync to successfully manage and sync ULN repositories\n- Fix errors in spacewalk-debug and align postgresql queries to new DB version\n- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)\n- Re-enables possibility to use local repos with repo-sync (bsc#1175607)\n- Add `allow_vendor_change` option to rhn clients for dist upgrades\n\nspacewalk-certs-tools:\n\n- Improve check for correct CA trust store directory (bsc#1176417)\n\nspacewalk-client-tools:\n\n- Update translations\n\nspacewalk-java:\n\n- Update content sensitive help links\n- Update exception message in findSyncedMandatoryChannels\n- Report resolved module dependencies on CLM project details page\n- Allow creating custom ULN repositories with uln:// urls\n- Change message \u0027Minion is down\u0027 to be more accurate\n- Localize documentation links\n- Temp: revert Sync state modules when starting action chain execution (bsc#1177336)\n- Fix check for available products on ISS Slaves (bsc#1177184)\n- XMLRPC: Report architecture label in the list of installed packages (bsc#1176898)\n- Get media.1/products for cloned channels (bsc#1178303)\n- Calculate size to truncate a history message based on the htmlified version (bsc#1178503)\n- Make image pillar visible only in buildhost organization\n- Maintain list of synced images in pillar\n- Enable validation of Content Lifecycle Management entities in the XMLRPC API (bsc#1177706)\n- Fix the order of the arguments in the XMLRPC API doc for contentmanagement.buildProject (bsc#1177704)\n- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)\n- Log token verify errors and check for expired tokens\n- Show only kernel options in advanced autoinstallation page when working with a salt minion (bsc#1177767)\n- Show cluster upgrade plan in the upgrade UI\n- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)\n- Add new allowVendorChange flag for dist upgrades\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Enable redfish power management by default\n\nspacewalk-search:\n\n- Add multi lang support to the document search\n\nspacewalk-setup:\n\n- Add sock_pool_size setting by default for better performance\n\nspacewalk-web:\n\n- Update content sensitive help links\n- Fix mandatory channels JS API to finish loading in case of error (bsc#1178839)\n- Fix the search panel in CLM filters page\n- Localize documentation links\n- Fix link to documentation in Admin -\u003e Manager Configuration -\u003e Monitoring (bsc#1176172)\n- Show cluster upgrade plan in the upgrade UI\n- Don\u0027t allow selecting spice for Xen PV and PVH guests\n\nsupportutils-plugin-susemanager:\n\n- Remove checks for obsolete packages\n- Gather new configfiles\n- Add more important informations\n\nsusemanager:\n\n- Adapt Debian10 bootstrap repository definition for salt on Python 3\n- Add --force to mgr-create-bootstrap-repo to enforce generation\n even when some products are not synchronized\n\nsusemanager-doc-indexes:\n\n- Added warning about local repositories in the Clients Configuration Guide\n- Removed duplicate contact method entry in Client Configuration Guide\n- Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide\n- Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide\n- Added Salt Minion file contact method to Client Configuration Guide\n- Added Redfish to power management protocols section\n- Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)\n- Added procedure for adding virtualization guests to the Client Configuration Guide\n- New guide added: Quickstart SAP Guide\n- Add multilang support\n\nsusemanager-docs_en:\n\n- Added warning about local repositories in the Clients Configuration Guide\n- Removed duplicate contact method entry in Client Configuration Guide\n- Enabled upgrade section for SLE clients on Uyuni in Clients Configuration Guide\n- Added a section for working with bootstrap repositories and End of Life products in Client Configuration Guide\n- Added Salt Minion file contact method to Client Configuration Guide\n- Added Redfish to power management protocols section\n- Clarify that port 22 is required for the SUSE Manager server in the installation guide (bsc#1177975)\n- Added procedure for adding virtualization guests to the Client Configuration Guide\n- New guide added: Quickstart SAP Guide\n- Add multilang support\n\nmgr-libmod:\n\n- Fix `module not found` exception handling. (bsc#1179257)\n\nsusemanager-frontend-libs:\n\n- Update Bootstrap to 3.1.0\n\nsusemanager-schema:\n\n- Move dist upgrade SQL file to the correct directory so it gets picked up in schema upgrades (bsc#1179759)\n- Add `preferred_docs_locale` to UserInfo table\n- Add new column to rhnactiondup table for allowVendorChange flag\n\nsusemanager-sls:\n\n- Fix: sync before start action chains (bsc#1177336)\n- Temp: revert Sync state modules when starting action chain execution (bsc#1177336)\n- Handle group- and org-specific image pillars\n- Use require in reboot trigger (bsc#1177767)\n- Add pillar option to get allowVendorChange option during dist upgrade\n- Sync state modules when starting action chain execution (bsc#1177336)\n\nsusemanager-sync-data:\n\n- Add new channel families for CAASP on ARM64 and HPC15 SP2 LTSS\n- Remove duplicate repo definition\n\nuyuni-cluster-provider-caasp:\n\n- Show the cluster upgrade plan in the UI\n\nyomi-formula:\n\n- Update to version 0.0.1+git.1604593202.a2c22bf:\n * storage: hide mountpoint if no filesystem\n * software: migrate repos as certs\n * software: add verify parameter\n * _grains: efi grains are in Salt now\n * software: transfer current repository\n * software: add repository options\n * lvm: fix indentation\n * partitioned: fix parted call and tests\n- Update to version 0.0.1+git.1601999695.6141130:\n * README: add user provided config\n- Update to version 0.0.1+git.1598948600.9a9eab0:\n * Replace fdisk with parted in partitioned\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-3781,SUSE-SLE-Module-SUSE-Manager-Server-4.1-2020-3781",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3781-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:3781-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20203781-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:3781-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-December/008063.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172079",
"url": "https://bugzilla.suse.com/1172079"
},
{
"category": "self",
"summary": "SUSE Bug 1172287",
"url": "https://bugzilla.suse.com/1172287"
},
{
"category": "self",
"summary": "SUSE Bug 1175607",
"url": "https://bugzilla.suse.com/1175607"
},
{
"category": "self",
"summary": "SUSE Bug 1175739",
"url": "https://bugzilla.suse.com/1175739"
},
{
"category": "self",
"summary": "SUSE Bug 1175987",
"url": "https://bugzilla.suse.com/1175987"
},
{
"category": "self",
"summary": "SUSE Bug 1176172",
"url": "https://bugzilla.suse.com/1176172"
},
{
"category": "self",
"summary": "SUSE Bug 1176417",
"url": "https://bugzilla.suse.com/1176417"
},
{
"category": "self",
"summary": "SUSE Bug 1176898",
"url": "https://bugzilla.suse.com/1176898"
},
{
"category": "self",
"summary": "SUSE Bug 1177184",
"url": "https://bugzilla.suse.com/1177184"
},
{
"category": "self",
"summary": "SUSE Bug 1177336",
"url": "https://bugzilla.suse.com/1177336"
},
{
"category": "self",
"summary": "SUSE Bug 1177435",
"url": "https://bugzilla.suse.com/1177435"
},
{
"category": "self",
"summary": "SUSE Bug 1177704",
"url": "https://bugzilla.suse.com/1177704"
},
{
"category": "self",
"summary": "SUSE Bug 1177706",
"url": "https://bugzilla.suse.com/1177706"
},
{
"category": "self",
"summary": "SUSE Bug 1177767",
"url": "https://bugzilla.suse.com/1177767"
},
{
"category": "self",
"summary": "SUSE Bug 1177975",
"url": "https://bugzilla.suse.com/1177975"
},
{
"category": "self",
"summary": "SUSE Bug 1178195",
"url": "https://bugzilla.suse.com/1178195"
},
{
"category": "self",
"summary": "SUSE Bug 1178303",
"url": "https://bugzilla.suse.com/1178303"
},
{
"category": "self",
"summary": "SUSE Bug 1178503",
"url": "https://bugzilla.suse.com/1178503"
},
{
"category": "self",
"summary": "SUSE Bug 1178704",
"url": "https://bugzilla.suse.com/1178704"
},
{
"category": "self",
"summary": "SUSE Bug 1178839",
"url": "https://bugzilla.suse.com/1178839"
},
{
"category": "self",
"summary": "SUSE Bug 1179257",
"url": "https://bugzilla.suse.com/1179257"
},
{
"category": "self",
"summary": "SUSE Bug 1179759",
"url": "https://bugzilla.suse.com/1179759"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13692 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13692/"
}
],
"title": "Security update for SUSE Manager Server 4.1",
"tracking": {
"current_release_date": "2020-12-14T11:01:21Z",
"generator": {
"date": "2020-12-14T11:01:21Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:3781-1",
"initial_release_date": "2020-12-14T11:01:21Z",
"revision_history": [
{
"date": "2020-12-14T11:01:21Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.1.22-3.14.6.aarch64",
"product": {
"name": "susemanager-4.1.22-3.14.6.aarch64",
"product_id": "susemanager-4.1.22-3.14.6.aarch64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.22-3.14.6.aarch64",
"product": {
"name": "susemanager-tools-4.1.22-3.14.6.aarch64",
"product_id": "susemanager-tools-4.1.22-3.14.6.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"product": {
"name": "image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"product_id": "image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "mgr-daemon-4.1.4-2.9.5.noarch",
"product": {
"name": "mgr-daemon-4.1.4-2.9.5.noarch",
"product_id": "mgr-daemon-4.1.4-2.9.5.noarch"
}
},
{
"category": "product_version",
"name": "mgr-libmod-4.1.5-3.8.2.noarch",
"product": {
"name": "mgr-libmod-4.1.5-3.8.2.noarch",
"product_id": "mgr-libmod-4.1.5-3.8.2.noarch"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-42.2.10-3.3.5.noarch",
"product": {
"name": "postgresql-jdbc-42.2.10-3.3.5.noarch",
"product_id": "postgresql-jdbc-42.2.10-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-3.3.5.noarch",
"product": {
"name": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-3.3.5.noarch",
"product_id": "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product": {
"name": "python2-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product_id": "python2-spacewalk-certs-tools-4.1.14-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-check-4.1.8-4.9.5.noarch",
"product": {
"name": "python2-spacewalk-check-4.1.8-4.9.5.noarch",
"product_id": "python2-spacewalk-check-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product": {
"name": "python2-spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product_id": "python2-spacewalk-client-setup-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python2-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product": {
"name": "python2-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product_id": "python2-spacewalk-client-tools-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product": {
"name": "python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product_id": "python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-check-4.1.8-4.9.5.noarch",
"product": {
"name": "python3-spacewalk-check-4.1.8-4.9.5.noarch",
"product_id": "python3-spacewalk-check-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product": {
"name": "python3-spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product_id": "python3-spacewalk-client-setup-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product": {
"name": "python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product_id": "python3-spacewalk-client-tools-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"product": {
"name": "python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"product_id": "python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"product": {
"name": "saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"product_id": "saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacecmd-4.1.9-4.12.5.noarch",
"product": {
"name": "spacecmd-4.1.9-4.12.5.noarch",
"product_id": "spacecmd-4.1.9-4.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-admin-4.1.8-3.9.5.noarch",
"product": {
"name": "spacewalk-admin-4.1.8-3.9.5.noarch",
"product_id": "spacewalk-admin-4.1.8-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-app-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-app-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-app-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-applet-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-cdn-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-cdn-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-cdn-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-config-files-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-iss-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-iss-export-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-server-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-server-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-server-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-sql-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-tools-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"product": {
"name": "spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"product_id": "spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-base-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-base-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-base-minimal-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-base-minimal-config-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product": {
"name": "spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"product_id": "spacewalk-certs-tools-4.1.14-3.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-check-4.1.8-4.9.5.noarch",
"product": {
"name": "spacewalk-check-4.1.8-4.9.5.noarch",
"product_id": "spacewalk-check-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product": {
"name": "spacewalk-client-setup-4.1.8-4.9.5.noarch",
"product_id": "spacewalk-client-setup-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product": {
"name": "spacewalk-client-tools-4.1.8-4.9.5.noarch",
"product_id": "spacewalk-client-tools-4.1.8-4.9.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-dobby-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-dobby-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-dobby-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-html-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-html-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-html-debug-4.1.21-3.12.5.noarch",
"product": {
"name": "spacewalk-html-debug-4.1.21-3.12.5.noarch",
"product_id": "spacewalk-html-debug-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-java-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-java-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-apidoc-sources-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-java-apidoc-sources-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-java-apidoc-sources-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-config-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-java-config-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-java-config-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-lib-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-java-lib-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-java-lib-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-java-postgresql-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-search-4.1.4-3.6.6.noarch",
"product": {
"name": "spacewalk-search-4.1.4-3.6.6.noarch",
"product_id": "spacewalk-search-4.1.4-3.6.6.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-setup-4.1.7-3.6.5.noarch",
"product": {
"name": "spacewalk-setup-4.1.7-3.6.5.noarch",
"product_id": "spacewalk-setup-4.1.7-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"product": {
"name": "spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"product_id": "spacewalk-taskomatic-4.1.24-3.19.6.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"product": {
"name": "supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"product_id": "supportutils-plugin-susemanager-4.1.4-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-client-4.1.3-4.3.5.noarch",
"product": {
"name": "supportutils-plugin-susemanager-client-4.1.3-4.3.5.noarch",
"product_id": "supportutils-plugin-susemanager-client-4.1.3-4.3.5.noarch"
}
},
{
"category": "product_version",
"name": "supportutils-plugin-susemanager-proxy-4.1.4-3.3.5.noarch",
"product": {
"name": "supportutils-plugin-susemanager-proxy-4.1.4-3.3.5.noarch",
"product_id": "supportutils-plugin-susemanager-proxy-4.1.4-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-doc-indexes-4.1-11.20.5.noarch",
"product": {
"name": "susemanager-doc-indexes-4.1-11.20.5.noarch",
"product_id": "susemanager-doc-indexes-4.1-11.20.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-4.1-11.20.5.noarch",
"product": {
"name": "susemanager-docs_en-4.1-11.20.5.noarch",
"product_id": "susemanager-docs_en-4.1-11.20.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"product": {
"name": "susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"product_id": "susemanager-docs_en-pdf-4.1-11.20.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"product": {
"name": "susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"product_id": "susemanager-frontend-libs-4.1.1-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-frontend-libs-devel-4.1.1-3.6.5.noarch",
"product": {
"name": "susemanager-frontend-libs-devel-4.1.1-3.6.5.noarch",
"product_id": "susemanager-frontend-libs-devel-4.1.1-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"product": {
"name": "susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"product_id": "susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-4.1.17-3.16.2.noarch",
"product": {
"name": "susemanager-schema-4.1.17-3.16.2.noarch",
"product_id": "susemanager-schema-4.1.17-3.16.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-schema-sanity-4.1.17-3.16.2.noarch",
"product": {
"name": "susemanager-schema-sanity-4.1.17-3.16.2.noarch",
"product_id": "susemanager-schema-sanity-4.1.17-3.16.2.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sls-4.1.18-3.16.5.noarch",
"product": {
"name": "susemanager-sls-4.1.18-3.16.5.noarch",
"product_id": "susemanager-sls-4.1.18-3.16.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-sync-data-4.1.8-3.6.5.noarch",
"product": {
"name": "susemanager-sync-data-4.1.8-3.6.5.noarch",
"product_id": "susemanager-sync-data-4.1.8-3.6.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-4.1.21-3.12.5.noarch",
"product": {
"name": "susemanager-web-libs-4.1.21-3.12.5.noarch",
"product_id": "susemanager-web-libs-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "susemanager-web-libs-debug-4.1.21-3.12.5.noarch",
"product": {
"name": "susemanager-web-libs-debug-4.1.21-3.12.5.noarch",
"product_id": "susemanager-web-libs-debug-4.1.21-3.12.5.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"product": {
"name": "uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"product_id": "uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch"
}
},
{
"category": "product_version",
"name": "uyuni-config-modules-4.1.18-3.16.5.noarch",
"product": {
"name": "uyuni-config-modules-4.1.18-3.16.5.noarch",
"product_id": "uyuni-config-modules-4.1.18-3.16.5.noarch"
}
},
{
"category": "product_version",
"name": "yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch",
"product": {
"name": "yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch",
"product_id": "yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.1.22-3.14.6.ppc64le",
"product": {
"name": "susemanager-4.1.22-3.14.6.ppc64le",
"product_id": "susemanager-4.1.22-3.14.6.ppc64le"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.22-3.14.6.ppc64le",
"product": {
"name": "susemanager-tools-4.1.22-3.14.6.ppc64le",
"product_id": "susemanager-tools-4.1.22-3.14.6.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.1.22-3.14.6.s390x",
"product": {
"name": "susemanager-4.1.22-3.14.6.s390x",
"product_id": "susemanager-4.1.22-3.14.6.s390x"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.22-3.14.6.s390x",
"product": {
"name": "susemanager-tools-4.1.22-3.14.6.s390x",
"product_id": "susemanager-tools-4.1.22-3.14.6.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "susemanager-4.1.22-3.14.6.x86_64",
"product": {
"name": "susemanager-4.1.22-3.14.6.x86_64",
"product_id": "susemanager-4.1.22-3.14.6.x86_64"
}
},
{
"category": "product_version",
"name": "susemanager-tools-4.1.22-3.14.6.x86_64",
"product": {
"name": "susemanager-tools-4.1.22-3.14.6.x86_64",
"product_id": "susemanager-tools-4.1.22-3.14.6.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Manager Server Module 4.1",
"product": {
"name": "SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-suse-manager-server:4.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch"
},
"product_reference": "image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "mgr-libmod-4.1.5-3.8.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:mgr-libmod-4.1.5-3.8.2.noarch"
},
"product_reference": "mgr-libmod-4.1.5-3.8.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-42.2.10-3.3.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-3.3.5.noarch"
},
"product_reference": "postgresql-jdbc-42.2.10-3.3.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch"
},
"product_reference": "python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-spacewalk-client-tools-4.1.8-4.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-spacewalk-client-tools-4.1.8-4.9.5.noarch"
},
"product_reference": "python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch"
},
"product_reference": "python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch"
},
"product_reference": "saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacecmd-4.1.9-4.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacecmd-4.1.9-4.12.5.noarch"
},
"product_reference": "spacecmd-4.1.9-4.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-admin-4.1.8-3.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-admin-4.1.8-3.9.5.noarch"
},
"product_reference": "spacewalk-admin-4.1.8-3.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-app-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-app-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-applet-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-iss-export-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-server-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-server-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-tools-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch"
},
"product_reference": "spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-4.1.21-3.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-4.1.21-3.12.5.noarch"
},
"product_reference": "spacewalk-base-4.1.21-3.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-4.1.21-3.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.21-3.12.5.noarch"
},
"product_reference": "spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-base-minimal-config-4.1.21-3.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.21-3.12.5.noarch"
},
"product_reference": "spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-certs-tools-4.1.14-3.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.14-3.9.5.noarch"
},
"product_reference": "spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-client-tools-4.1.8-4.9.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-client-tools-4.1.8-4.9.5.noarch"
},
"product_reference": "spacewalk-client-tools-4.1.8-4.9.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-html-4.1.21-3.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-html-4.1.21-3.12.5.noarch"
},
"product_reference": "spacewalk-html-4.1.21-3.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-4.1.24-3.19.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-4.1.24-3.19.6.noarch"
},
"product_reference": "spacewalk-java-4.1.24-3.19.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-config-4.1.24-3.19.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.24-3.19.6.noarch"
},
"product_reference": "spacewalk-java-config-4.1.24-3.19.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-lib-4.1.24-3.19.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.24-3.19.6.noarch"
},
"product_reference": "spacewalk-java-lib-4.1.24-3.19.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-java-postgresql-4.1.24-3.19.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.24-3.19.6.noarch"
},
"product_reference": "spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-search-4.1.4-3.6.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-search-4.1.4-3.6.6.noarch"
},
"product_reference": "spacewalk-search-4.1.4-3.6.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-setup-4.1.7-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-setup-4.1.7-3.6.5.noarch"
},
"product_reference": "spacewalk-setup-4.1.7-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "spacewalk-taskomatic-4.1.24-3.19.6.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.24-3.19.6.noarch"
},
"product_reference": "spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "supportutils-plugin-susemanager-4.1.4-3.3.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:supportutils-plugin-susemanager-4.1.4-3.3.5.noarch"
},
"product_reference": "supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.22-3.14.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.ppc64le"
},
"product_reference": "susemanager-4.1.22-3.14.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.22-3.14.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.s390x"
},
"product_reference": "susemanager-4.1.22-3.14.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-4.1.22-3.14.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.x86_64"
},
"product_reference": "susemanager-4.1.22-3.14.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-doc-indexes-4.1-11.20.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.20.5.noarch"
},
"product_reference": "susemanager-doc-indexes-4.1-11.20.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-4.1-11.20.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.20.5.noarch"
},
"product_reference": "susemanager-docs_en-4.1-11.20.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-docs_en-pdf-4.1-11.20.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.20.5.noarch"
},
"product_reference": "susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-frontend-libs-4.1.1-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.1-3.6.5.noarch"
},
"product_reference": "susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch"
},
"product_reference": "susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-schema-4.1.17-3.16.2.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-schema-4.1.17-3.16.2.noarch"
},
"product_reference": "susemanager-schema-4.1.17-3.16.2.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sls-4.1.18-3.16.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-sls-4.1.18-3.16.5.noarch"
},
"product_reference": "susemanager-sls-4.1.18-3.16.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-sync-data-4.1.8-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.8-3.6.5.noarch"
},
"product_reference": "susemanager-sync-data-4.1.8-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.22-3.14.6.ppc64le as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.ppc64le"
},
"product_reference": "susemanager-tools-4.1.22-3.14.6.ppc64le",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.22-3.14.6.s390x as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.s390x"
},
"product_reference": "susemanager-tools-4.1.22-3.14.6.s390x",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-tools-4.1.22-3.14.6.x86_64 as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.x86_64"
},
"product_reference": "susemanager-tools-4.1.22-3.14.6.x86_64",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "susemanager-web-libs-4.1.21-3.12.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.21-3.12.5.noarch"
},
"product_reference": "susemanager-web-libs-4.1.21-3.12.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch"
},
"product_reference": "uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "uyuni-config-modules-4.1.18-3.16.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:uyuni-config-modules-4.1.18-3.16.5.noarch"
},
"product_reference": "uyuni-config-modules-4.1.18-3.16.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch as component of SUSE Manager Server Module 4.1",
"product_id": "SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch"
},
"product_reference": "yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch",
"relates_to_product_reference": "SUSE Manager Server Module 4.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13692"
}
],
"notes": [
{
"category": "general",
"text": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.5-3.8.2.noarch",
"SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-3.3.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.9-4.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-admin-4.1.8-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-search-4.1.4-3.6.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-setup-4.1.7-3.6.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.17-3.16.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.8-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-config-modules-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13692",
"url": "https://www.suse.com/security/cve/CVE-2020-13692"
},
{
"category": "external",
"summary": "SUSE Bug 1172746 for CVE-2020-13692",
"url": "https://bugzilla.suse.com/1172746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.5-3.8.2.noarch",
"SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-3.3.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.9-4.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-admin-4.1.8-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-search-4.1.4-3.6.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-setup-4.1.7-3.6.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.17-3.16.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.8-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-config-modules-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Manager Server Module 4.1:image-sync-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:mgr-libmod-4.1.5-3.8.2.noarch",
"SUSE Manager Server Module 4.1:postgresql-jdbc-42.2.10-3.3.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:python3-susemanager-retail-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:saltboot-formula-0.1.1605087464.65d1b51-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacecmd-4.1.9-4.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-admin-4.1.8-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-app-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-applet-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-common-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-config-files-tool-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-iss-export-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-package-push-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-server-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-sql-postgresql-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-tools-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xml-export-libs-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-backend-xmlrpc-4.1.18-4.14.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-base-minimal-config-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-certs-tools-4.1.14-3.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-client-tools-4.1.8-4.9.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-html-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-config-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-lib-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-java-postgresql-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-search-4.1.4-3.6.6.noarch",
"SUSE Manager Server Module 4.1:spacewalk-setup-4.1.7-3.6.5.noarch",
"SUSE Manager Server Module 4.1:spacewalk-taskomatic-4.1.24-3.19.6.noarch",
"SUSE Manager Server Module 4.1:supportutils-plugin-susemanager-4.1.4-3.3.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-doc-indexes-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-docs_en-pdf-4.1-11.20.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-frontend-libs-4.1.1-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-retail-tools-1.0.1605087464.65d1b51-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-schema-4.1.17-3.16.2.noarch",
"SUSE Manager Server Module 4.1:susemanager-sls-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-sync-data-4.1.8-3.6.5.noarch",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.ppc64le",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.s390x",
"SUSE Manager Server Module 4.1:susemanager-tools-4.1.22-3.14.6.x86_64",
"SUSE Manager Server Module 4.1:susemanager-web-libs-4.1.21-3.12.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-cluster-provider-caasp-4.1.3-3.3.5.noarch",
"SUSE Manager Server Module 4.1:uyuni-config-modules-4.1.18-3.16.5.noarch",
"SUSE Manager Server Module 4.1:yomi-formula-0.0.1+git.1604593202.a2c22bf-3.6.5.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-12-14T11:01:21Z",
"details": "moderate"
}
],
"title": "CVE-2020-13692"
}
]
}
SUSE-SU-2021:0599-1
Vulnerability from csaf_suse - Published: 2021-02-25 09:51 - Updated: 2021-02-25 09:51Summary
Security update for postgresql-jdbc
Severity
Moderate
Notes
Title of the patch: Security update for postgresql-jdbc
Description of the patch: This update for postgresql-jdbc fixes the following issues:
- CVE-2020-13692: Fixed a XML External Entity vulnerability (bsc#1172746) .
Patchnames: SUSE-2021-599,SUSE-SLE-SERVER-12-SP5-2021-599
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
5.6 (Medium)
Affected products
Recommended
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch | — |
Vendor Fix
|
Threats
Impact
moderate
References
8 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for postgresql-jdbc",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for postgresql-jdbc fixes the following issues:\n\n- CVE-2020-13692: Fixed a XML External Entity vulnerability (bsc#1172746) .\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2021-599,SUSE-SLE-SERVER-12-SP5-2021-599",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_0599-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2021:0599-1",
"url": "https://www.suse.com/support/update/announcement/2021/suse-su-20210599-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2021:0599-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2021-February/008368.html"
},
{
"category": "self",
"summary": "SUSE Bug 1172746",
"url": "https://bugzilla.suse.com/1172746"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-13692 page",
"url": "https://www.suse.com/security/cve/CVE-2020-13692/"
}
],
"title": "Security update for postgresql-jdbc",
"tracking": {
"current_release_date": "2021-02-25T09:51:36Z",
"generator": {
"date": "2021-02-25T09:51:36Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2021:0599-1",
"initial_release_date": "2021-02-25T09:51:36Z",
"revision_history": [
{
"date": "2021-02-25T09:51:36Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "postgresql-jdbc-9.4-3.3.1.noarch",
"product": {
"name": "postgresql-jdbc-9.4-3.3.1.noarch",
"product_id": "postgresql-jdbc-9.4-3.3.1.noarch"
}
},
{
"category": "product_version",
"name": "postgresql-jdbc-javadoc-9.4-3.3.1.noarch",
"product": {
"name": "postgresql-jdbc-javadoc-9.4-3.3.1.noarch",
"product_id": "postgresql-jdbc-javadoc-9.4-3.3.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-9.4-3.3.1.noarch as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch"
},
"product_reference": "postgresql-jdbc-9.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "postgresql-jdbc-9.4-3.3.1.noarch as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch"
},
"product_reference": "postgresql-jdbc-9.4-3.3.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-13692",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-13692"
}
],
"notes": [
{
"category": "general",
"text": "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-13692",
"url": "https://www.suse.com/security/cve/CVE-2020-13692"
},
{
"category": "external",
"summary": "SUSE Bug 1172746 for CVE-2020-13692",
"url": "https://bugzilla.suse.com/1172746"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Server 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:postgresql-jdbc-9.4-3.3.1.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-02-25T09:51:36Z",
"details": "moderate"
}
],
"title": "CVE-2020-13692"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…