Vulnerability from csaf_suse
Published
2020-11-20 14:06
Modified
2020-11-20 14:06
Summary
Security update for SUSE Manager Server 4.0
Notes
Title of the patch
Security update for SUSE Manager Server 4.0
Description of the patch
This update fixes the following issues:
bind-formula:
- Temporarily disable dnssec-validation as hotfix for bsc#1177790
- Update to version 0.1.1603299886.60e4bcf
grafana-formula:
- Use variable for product name
- Add support for system groups in Client Systems dashboard
postgresql-jdbc:
- Address CVE-2020-13692 (bsc#1172079)
- Add patch:
- Major changes since 9.4-1200:
* License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0
* Support PostgreSQL 9.5, 9.6, 10 11 and 12 added
* Support for PostgreSQL versions below 8.2 was dropped
* Support for JDK8, JDK9, JDK10, JDK11 and JDK12
* Support for JDK 1.4 and 1.5 was dropped
* Support for JDBC 4.2 added
* Add maxResultBuffer property
* Add caller push of binary data
* Read only transactions
* pkcs12 key functionality
* New 'escapeSyntaxCallMode' connection property
* Connection property to limit server error detail in exception
exceptions
* CancelQuery() to PGConnection public interface
* Support for large update counts (JDBC 4.2)
* Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY
* Expose parameter status messages (GUC_REPORT) to the user
* Log ignoring rollback when no transaction in progress
* Map inet type to InetAddress
* Change ISGENERATED to ISGENERATEDCOLUMN as per spec
* Support temporary replication slots in ReplicationCreateSlotBuilder
* Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns
* Return information on create replication slot, now the snapshot_name
is exported to allow a consistent snapshot in some uses cases
* `ssl=true` implies `sslmode=verify-full`, that is it requires valid
server certificate
* Support for `sslmode=allow/prefer/require`
* Added server hostname verification for non-default SSL factories in
`sslmode=verify-full` (CVE-2018-10936)
* PreparedStatement.setNull(int parameterIndex, int t, String typeName)
no longer ignores the typeName argument if it is not setNull
* Reduce the severity of the error log messages when an exception is
re-thrown. The error will be thrown to caller to be dealt with so no need
to log at this verbosity by pgjdbc
* Deprecate Fastpath API PR 903
* Support parenthesis in {oj ...} JDBC escape syntax
* socksProxyHost is ignored in case it contains empty string
* Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+)
using the Ongres SCRAM library
* Make SELECT INTO and CREATE TABLE AS return row counts to the client in
their command tags
* Support Subject Alternative Names for SSL connections
* Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column
* Support for primitive arrays PR 887 3e0491a
* Implement support for get/setNetworkTimeout() in connections
* Make GSS JAAS login optional, add an option 'jaasLogin'
* Improve behaviour of ResultSet.getObject(int, Class)
* Parse CommandComplete message using a regular expression, allows complete
catch of server returned commands for INSERT, UPDATE, DELETE, SELECT,
FETCH, MOVE,COPY and future commands.
* Use 'time with timezone' and 'timestamp with timezone' as is and ignore the
user provided Calendars, 'time' and 'timestamp' work as earlier except
'00:00:00' now maps to 1970-01-01 and '24:00:00' uses the system provided
Calendar ignoring the user-provided one
* Change behaviour of multihost connection. The new behaviour is to try all
secondaries first before trying the master
* Drop support for the (insecure) crypt authentication method
* slave and preferSlave values for the targetServerType connection property
have been deprecated in favour of secondary and preferSecondary
respectively
* Statements with non-zero fetchSize no longer require server-side
named handle. This might cause issues when using old PostgreSQL versions
(pre-8.4)+fetchSize+interleaved ResultSet processing combo
* Better logic for returning keyword detection. Previously, pgjdbc could be
defeated by column names that contain returning, so pgjdbc failed to
'return generated keys' as it considered statement as already having
returning keyword
* Use server-prepared statements for batch inserts when prepareThreshold>0.
This enables batch to use server-prepared from the first executeBatch()
execution (previously it waited for prepareThreshold executeBatch() calls)
* Replication protocol API was added: replication API documentation
* java.util.logging is now used for logging: logging documentation
* Add support for PreparedStatement.setCharacterStream(int, Reader)
* Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc could
use server-prepared statements for batch execution even with
prepareThreshold=0
* Error position is displayed when SQL has unterminated literals,
comments, etc
* Strict handling of accepted values in getBoolean and setObject(BOOLEAN),
now it follows PostgreSQL accepted values, only 1 and 0 for numeric types
are acepted (previusly !=0 was true)
* Deprecated PGPoolingDataSource, instead of this class you should use a
fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp,
c3p0, etc
* 'current transaction is aborted' exception includes the original exception
via caused-by chain
* Better support for RETURNGENERATEDKEYS, statements with RETURNING clause
* Avoid user-visible prepared-statement errors if client uses
DEALLOCATE/DISCARD statements (invalidate cache when those statements
detected)
* Avoid user-visible prepared-statement errors if client changes searchpath
(invalidate cache when set searchpath detected)
* Support comments when replacing {fn ...} JDBC syntax
* Support for Types.REF_CURSOR
* Performance optimization for timestamps (~TimeZone.getDefault optimization)
* Ability to customize socket factory (e.g. for unix domain sockets)
* Ignore empty sub-queries in composite queries
* Add equality support to PSQLState
* Improved composite/array type support and type naming changes.
- Update to version 42.2.10
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10
- Update to version 42.2.9
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9
- Update to version 42.2.8
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8
- Update to version 42.2.7
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7
- Update to version 42.2.6
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6
- Update to version 42.2.5
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5
- Update to version 42.2.4
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4
- Update to version 42.2.3
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3
- Update to version 42.2.2
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2
- Update to version 42.2.1
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1
- Update to version 42.2.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0
- Update to version 42.1.4
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4
- Update to version 42.1.3
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3
- Update to version 42.1.2
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2
- Update to version 42.1.1
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
- Update to version 42.1.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1
- Update to version 42.2.0
* https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0
- Update to version 9.4.1211
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211
- Update to version 9.4.1210
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210
- Update to version 9.4.1209
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209
- Update to version 9.4.1208
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208
- Update to version 9.4.1207
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207
- Update to version 9.4.1206
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206
- Update to version 9.4.1205
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
- Update to version 9.4.1204
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204
- Update to version 9.4.1203
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203
- Update to version 9.4.1202
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202
- Update to version 9.4.1201
* https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201
prometheus-exporters-formula:
- Fix empty directory values initialization
- Disable reverse proxy on default
prometheus-formula:
- Update to version 0.2.3
- Disable Alertmanager clustering (bsc#1178145)
- Update to version 0.2.2
- Use variable for product name
salt-netapi-client:
- Version 0.18.0
See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0
spacewalk-admin:
- Use the license macro to mark the LICENSE in the package so that
when installing without docs, it does install the LICENSE file
- Prevent javax.net.ssl.SSLHandshakeException after upgrading from
SUSE Manager 3.2 (bsc#1177435)
spacewalk-backend:
- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)
- Fix unique machine_id detection (bsc#1176074)
spacewalk-java:
- Revert: Sync state modules when starting action chain execution (bsc#1177336)
- Sync state modules when starting action chain execution (bsc#1177336)
- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)
- Log token verify errors and check for expired tokens
- Execute Salt SSH actions in parallel (bsc#1173199)
- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)
- Fix action chain resuming when patches updating salt-minion don't cause service to be
restarted (bsc#1144447)
- Renaming autoinstall distro didn't change the name of the Cobbler distro (bsc#1175876)
spacewalk-web:
- Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)
- Don't allow selecting spice for Xen PV and PVH guests
susemanager:
- Add --force to mgr-create-bootstrap-repo to enforce generation
even when some products are not synchronized
susemanager-schema:
- Execute Salt SSH actions in parallel (bsc#1173199)
susemanager-sls:
- Revert: Sync state modules when starting action chain execution (bsc#1177336)
- Sync state modules when starting action chain execution (bsc#1177336)
- Fix grub2 autoinstall kernel path (bsc#1178060)
- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer
- Fix action chain resuming when patches updating salt-minion don't cause service to be
restarted (bsc#1144447)
- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)
How to apply this update:
1. Log in as root user to the SUSE Manager server.
2. Stop the Spacewalk service:
spacewalk-service stop
3. Apply the patch using either zypper patch or YaST Online Update.
4. Upgrade the database schema:
spacewalk-schema-upgrade
5. Start the Spacewalk service:
spacewalk-service start
Patchnames
SUSE-2020-3466,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for SUSE Manager Server 4.0", title: "Title of the patch", }, { category: "description", text: "\nThis update fixes the following issues:\n\nbind-formula:\n\n- Temporarily disable dnssec-validation as hotfix for bsc#1177790\n- Update to version 0.1.1603299886.60e4bcf\n\ngrafana-formula:\n\n- Use variable for product name\n- Add support for system groups in Client Systems dashboard\n\npostgresql-jdbc:\n\n- Address CVE-2020-13692 (bsc#1172079)\n- Add patch:\n- Major changes since 9.4-1200:\n * License changed to BSD-2-Clause and BSD-3-Clause and Apache-2.0\n * Support PostgreSQL 9.5, 9.6, 10 11 and 12 added\n * Support for PostgreSQL versions below 8.2 was dropped\n * Support for JDK8, JDK9, JDK10, JDK11 and JDK12\n * Support for JDK 1.4 and 1.5 was dropped\n * Support for JDBC 4.2 added\n * Add maxResultBuffer property\n * Add caller push of binary data\n * Read only transactions\n * pkcs12 key functionality\n * New 'escapeSyntaxCallMode' connection property\n * Connection property to limit server error detail in exception\n exceptions\n * CancelQuery() to PGConnection public interface\n * Support for large update counts (JDBC 4.2)\n * Add Binary Support for Oid.NUMERIC and Oid.NUMERIC_ARRAY\n * Expose parameter status messages (GUC_REPORT) to the user\n * Log ignoring rollback when no transaction in progress\n * Map inet type to InetAddress\n * Change ISGENERATED to ISGENERATEDCOLUMN as per spec\n * Support temporary replication slots in ReplicationCreateSlotBuilder\n * Return function (PostgreSQL 11) columns in PgDatabaseMetaData#getFunctionColumns\n * Return information on create replication slot, now the snapshot_name\n is exported to allow a consistent snapshot in some uses cases\n * `ssl=true` implies `sslmode=verify-full`, that is it requires valid\n server certificate\n * Support for `sslmode=allow/prefer/require`\n * Added server hostname verification for non-default SSL factories in\n `sslmode=verify-full` (CVE-2018-10936)\n * PreparedStatement.setNull(int parameterIndex, int t, String typeName)\n no longer ignores the typeName argument if it is not setNull\n * Reduce the severity of the error log messages when an exception is\n re-thrown. The error will be thrown to caller to be dealt with so no need\n to log at this verbosity by pgjdbc\n * Deprecate Fastpath API PR 903\n * Support parenthesis in {oj ...} JDBC escape syntax\n * socksProxyHost is ignored in case it contains empty string\n * Support SCRAM-SHA-256 for PostgreSQL 10 in the JDBC 4.2 version (Java 8+)\n using the Ongres SCRAM library\n * Make SELECT INTO and CREATE TABLE AS return row counts to the client in\n their command tags\n * Support Subject Alternative Names for SSL connections\n * Support isAutoIncrement metadata for PostgreSQL 10 IDENTITY column\n * Support for primitive arrays PR 887 3e0491a\n * Implement support for get/setNetworkTimeout() in connections\n * Make GSS JAAS login optional, add an option 'jaasLogin'\n * Improve behaviour of ResultSet.getObject(int, Class)\n * Parse CommandComplete message using a regular expression, allows complete\n catch of server returned commands for INSERT, UPDATE, DELETE, SELECT,\n FETCH, MOVE,COPY and future commands.\n * Use 'time with timezone' and 'timestamp with timezone' as is and ignore the\n user provided Calendars, 'time' and 'timestamp' work as earlier except\n '00:00:00' now maps to 1970-01-01 and '24:00:00' uses the system provided\n Calendar ignoring the user-provided one\n * Change behaviour of multihost connection. The new behaviour is to try all\n secondaries first before trying the master\n * Drop support for the (insecure) crypt authentication method\n * slave and preferSlave values for the targetServerType connection property\n have been deprecated in favour of secondary and preferSecondary\n respectively\n * Statements with non-zero fetchSize no longer require server-side\n named handle. This might cause issues when using old PostgreSQL versions\n (pre-8.4)+fetchSize+interleaved ResultSet processing combo\n * Better logic for returning keyword detection. Previously, pgjdbc could be\n defeated by column names that contain returning, so pgjdbc failed to\n 'return generated keys' as it considered statement as already having\n returning keyword\n * Use server-prepared statements for batch inserts when prepareThreshold>0.\n This enables batch to use server-prepared from the first executeBatch()\n execution (previously it waited for prepareThreshold executeBatch() calls)\n * Replication protocol API was added: replication API documentation\n * java.util.logging is now used for logging: logging documentation\n * Add support for PreparedStatement.setCharacterStream(int, Reader)\n * Ensure executeBatch() can be used with pgbouncer. Previously pgjdbc could\n use server-prepared statements for batch execution even with\n prepareThreshold=0\n * Error position is displayed when SQL has unterminated literals,\n comments, etc\n * Strict handling of accepted values in getBoolean and setObject(BOOLEAN),\n now it follows PostgreSQL accepted values, only 1 and 0 for numeric types\n are acepted (previusly !=0 was true)\n * Deprecated PGPoolingDataSource, instead of this class you should use a\n fully featured connection pool like HikariCP, vibur-dbcp, commons-dbcp,\n c3p0, etc\n * 'current transaction is aborted' exception includes the original exception\n via caused-by chain\n * Better support for RETURNGENERATEDKEYS, statements with RETURNING clause\n * Avoid user-visible prepared-statement errors if client uses\n DEALLOCATE/DISCARD statements (invalidate cache when those statements\n detected)\n * Avoid user-visible prepared-statement errors if client changes searchpath\n (invalidate cache when set searchpath detected)\n * Support comments when replacing {fn ...} JDBC syntax\n * Support for Types.REF_CURSOR\n * Performance optimization for timestamps (~TimeZone.getDefault optimization)\n * Ability to customize socket factory (e.g. for unix domain sockets)\n * Ignore empty sub-queries in composite queries\n * Add equality support to PSQLState\n * Improved composite/array type support and type naming changes.\n- Update to version 42.2.10\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.10\n- Update to version 42.2.9\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.9\n- Update to version 42.2.8\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.8\n- Update to version 42.2.7\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.7\n- Update to version 42.2.6\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.6\n- Update to version 42.2.5\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.5\n- Update to version 42.2.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.4\n- Update to version 42.2.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.3\n- Update to version 42.2.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.2\n- Update to version 42.2.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.2.0\n- Update to version 42.1.4\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.4\n- Update to version 42.1.3\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.3\n- Update to version 42.1.2\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.2\n- Update to version 42.1.1\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.1.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.1\n- Update to version 42.2.0\n * https://jdbc.postgresql.org/documentation/changelog.html#version_42.1.0\n- Update to version 9.4.1211\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1211\n- Update to version 9.4.1210\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1210\n- Update to version 9.4.1209\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1209\n- Update to version 9.4.1208\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1208\n- Update to version 9.4.1207\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1207\n- Update to version 9.4.1206\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1206\n- Update to version 9.4.1205\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1204\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1204\n- Update to version 9.4.1203\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1203\n- Update to version 9.4.1202\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1202\n- Update to version 9.4.1201\n * https://jdbc.postgresql.org/documentation/changelog.html#version_9.4-1201\n\nprometheus-exporters-formula:\n\n- Fix empty directory values initialization\n- Disable reverse proxy on default\n\nprometheus-formula:\n\n- Update to version 0.2.3\n- Disable Alertmanager clustering (bsc#1178145)\n- Update to version 0.2.2\n- Use variable for product name\n\nsalt-netapi-client:\n\n- Version 0.18.0\n See: https://github.com/SUSE/salt-netapi-client/releases/tag/v0.18.0\n\nspacewalk-admin:\n\n- Use the license macro to mark the LICENSE in the package so that\n when installing without docs, it does install the LICENSE file\n- Prevent javax.net.ssl.SSLHandshakeException after upgrading from\n SUSE Manager 3.2 (bsc#1177435)\n\nspacewalk-backend:\n\n- ISS: Differentiate packages with same nevra but different checksum in the same channel (bsc#1178195)\n- Fix unique machine_id detection (bsc#1176074)\n\nspacewalk-java:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix repo url of AppStream in generated RHEL/Centos 8 kickstart file (bsc#1175739)\n- Log token verify errors and check for expired tokens\n- Execute Salt SSH actions in parallel (bsc#1173199)\n- Take pool and volume from Salt virt.vm_info for files and blocks disks (bsc#1175987)\n- Fix action chain resuming when patches updating salt-minion don't cause service to be\n restarted (bsc#1144447)\n- Renaming autoinstall distro didn't change the name of the Cobbler distro (bsc#1175876)\n\nspacewalk-web:\n\n- Fix link to documentation in Admin -> Manager Configuration -> Monitoring (bsc#1176172)\n- Don't allow selecting spice for Xen PV and PVH guests\n\nsusemanager:\n\n- Add --force to mgr-create-bootstrap-repo to enforce generation\n even when some products are not synchronized\n\nsusemanager-schema:\n\n- Execute Salt SSH actions in parallel (bsc#1173199)\n\nsusemanager-sls:\n\n- Revert: Sync state modules when starting action chain execution (bsc#1177336)\n- Sync state modules when starting action chain execution (bsc#1177336)\n- Fix grub2 autoinstall kernel path (bsc#1178060)\n- Move channel token information from sources.list to auth.conf on Debian 10 and Ubuntu 18 and newer\n- Fix action chain resuming when patches updating salt-minion don't cause service to be\n restarted (bsc#1144447)\n- Make grub2 autoinstall kernel path relative to the boot partition root (bsc#1175876)\n\nHow to apply this update:\n1. Log in as root user to the SUSE Manager server.\n2. Stop the Spacewalk service:\nspacewalk-service stop\n3. Apply the patch using either zypper patch or YaST Online Update.\n4. Upgrade the database schema:\nspacewalk-schema-upgrade\n5. Start the Spacewalk service:\nspacewalk-service start\n", title: "Description of the patch", }, { category: "details", text: "SUSE-2020-3466,SUSE-SLE-Module-SUSE-Manager-Server-4.0-2020-3466", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_3466-1.json", }, { category: "self", summary: "URL for SUSE-SU-2020:3466-1", url: "https://www.suse.com/support/update/announcement/2020/suse-su-20203466-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2020:3466-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2020-November/007827.html", }, { category: "self", summary: "SUSE Bug 1144447", url: "https://bugzilla.suse.com/1144447", }, { category: "self", summary: "SUSE Bug 1172079", url: "https://bugzilla.suse.com/1172079", }, { category: "self", summary: "SUSE Bug 1173199", url: "https://bugzilla.suse.com/1173199", }, { category: "self", summary: "SUSE Bug 1175739", url: "https://bugzilla.suse.com/1175739", }, { category: "self", summary: "SUSE Bug 1175876", url: "https://bugzilla.suse.com/1175876", }, { category: "self", summary: "SUSE Bug 1175987", url: "https://bugzilla.suse.com/1175987", }, { category: "self", summary: "SUSE Bug 1176074", url: "https://bugzilla.suse.com/1176074", }, { category: "self", summary: "SUSE Bug 1176172", url: "https://bugzilla.suse.com/1176172", }, { category: "self", summary: "SUSE Bug 1177336", url: "https://bugzilla.suse.com/1177336", }, { category: "self", summary: "SUSE Bug 1177435", url: "https://bugzilla.suse.com/1177435", }, { category: "self", summary: "SUSE Bug 1177790", url: "https://bugzilla.suse.com/1177790", }, { category: "self", summary: "SUSE Bug 1178060", url: "https://bugzilla.suse.com/1178060", }, { category: "self", summary: "SUSE Bug 1178145", url: "https://bugzilla.suse.com/1178145", }, { category: "self", summary: "SUSE Bug 1178195", url: "https://bugzilla.suse.com/1178195", }, { category: "self", summary: "SUSE CVE CVE-2018-10936 page", url: "https://www.suse.com/security/cve/CVE-2018-10936/", }, { category: "self", summary: "SUSE CVE CVE-2020-13692 page", url: "https://www.suse.com/security/cve/CVE-2020-13692/", }, ], title: "Security update for SUSE Manager Server 4.0", tracking: { current_release_date: "2020-11-20T14:06:24Z", generator: { date: "2020-11-20T14:06:24Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2020:3466-1", initial_release_date: "2020-11-20T14:06:24Z", revision_history: [ { date: "2020-11-20T14:06:24Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "susemanager-4.0.32-3.46.1.aarch64", product: { name: "susemanager-4.0.32-3.46.1.aarch64", product_id: "susemanager-4.0.32-3.46.1.aarch64", }, }, { category: "product_version", name: "susemanager-tools-4.0.32-3.46.1.aarch64", product: { name: "susemanager-tools-4.0.32-3.46.1.aarch64", product_id: "susemanager-tools-4.0.32-3.46.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", product: { name: "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", product_id: "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", }, }, { category: "product_version", name: "grafana-formula-0.2.2-4.13.1.noarch", product: { name: "grafana-formula-0.2.2-4.13.1.noarch", product_id: "grafana-formula-0.2.2-4.13.1.noarch", }, }, { category: "product_version", name: "postgresql-jdbc-42.2.10-3.3.1.noarch", product: { name: "postgresql-jdbc-42.2.10-3.3.1.noarch", product_id: "postgresql-jdbc-42.2.10-3.3.1.noarch", }, }, { category: "product_version", name: "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch", product: { name: "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch", product_id: "postgresql-jdbc-kit-ec0cc5fc6bd7ad735992aa662a7953e45a9faf52-4.3.1.noarch", }, }, { category: "product_version", name: "prometheus-exporters-formula-0.7.5-3.16.1.noarch", product: { name: "prometheus-exporters-formula-0.7.5-3.16.1.noarch", product_id: "prometheus-exporters-formula-0.7.5-3.16.1.noarch", }, }, { category: "product_version", name: "prometheus-formula-0.2.3-4.16.1.noarch", product: { name: "prometheus-formula-0.2.3-4.16.1.noarch", product_id: "prometheus-formula-0.2.3-4.16.1.noarch", }, }, { category: "product_version", name: "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product: { name: "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product_id: "python2-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", }, }, { category: "product_version", name: "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", product: { name: "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", product_id: "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product: { name: "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product_id: "python3-zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", }, }, { category: "product_version", name: "salt-netapi-client-0.18.0-4.12.1.noarch", product: { name: "salt-netapi-client-0.18.0-4.12.1.noarch", product_id: "salt-netapi-client-0.18.0-4.12.1.noarch", }, }, { category: "product_version", name: "spacewalk-admin-4.0.12-3.15.1.noarch", product: { name: "spacewalk-admin-4.0.12-3.15.1.noarch", product_id: "spacewalk-admin-4.0.12-3.15.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-app-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-app-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-app-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-applet-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-applet-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-applet-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-cdn-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-cdn-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-cdn-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-iss-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-iss-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-libs-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-libs-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-libs-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-server-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-server-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-server-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-sql-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-sql-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-sql-oracle-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-tools-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-tools-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-tools-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", product: { name: "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", product_id: "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", }, }, { category: "product_version", name: "spacewalk-base-4.0.25-3.36.1.noarch", product: { name: "spacewalk-base-4.0.25-3.36.1.noarch", product_id: "spacewalk-base-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-4.0.25-3.36.1.noarch", product: { name: "spacewalk-base-minimal-4.0.25-3.36.1.noarch", product_id: "spacewalk-base-minimal-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", product: { name: "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", product_id: "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "spacewalk-dobby-4.0.25-3.36.1.noarch", product: { name: "spacewalk-dobby-4.0.25-3.36.1.noarch", product_id: "spacewalk-dobby-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "spacewalk-html-4.0.25-3.36.1.noarch", product: { name: "spacewalk-html-4.0.25-3.36.1.noarch", product_id: "spacewalk-html-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "spacewalk-java-4.0.40-3.48.2.noarch", product: { name: "spacewalk-java-4.0.40-3.48.2.noarch", product_id: "spacewalk-java-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch", product: { name: "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch", product_id: "spacewalk-java-apidoc-sources-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "spacewalk-java-config-4.0.40-3.48.2.noarch", product: { name: "spacewalk-java-config-4.0.40-3.48.2.noarch", product_id: "spacewalk-java-config-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "spacewalk-java-lib-4.0.40-3.48.2.noarch", product: { name: "spacewalk-java-lib-4.0.40-3.48.2.noarch", product_id: "spacewalk-java-lib-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", product: { name: "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", product_id: "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "spacewalk-taskomatic-4.0.40-3.48.2.noarch", product: { name: "spacewalk-taskomatic-4.0.40-3.48.2.noarch", product_id: "spacewalk-taskomatic-4.0.40-3.48.2.noarch", }, }, { category: "product_version", name: "susemanager-schema-4.0.23-3.32.1.noarch", product: { name: "susemanager-schema-4.0.23-3.32.1.noarch", product_id: "susemanager-schema-4.0.23-3.32.1.noarch", }, }, { category: "product_version", name: "susemanager-schema-sanity-4.0.23-3.32.1.noarch", product: { name: "susemanager-schema-sanity-4.0.23-3.32.1.noarch", product_id: "susemanager-schema-sanity-4.0.23-3.32.1.noarch", }, }, { category: "product_version", name: "susemanager-sls-4.0.31-3.37.1.noarch", product: { name: "susemanager-sls-4.0.31-3.37.1.noarch", product_id: "susemanager-sls-4.0.31-3.37.1.noarch", }, }, { category: "product_version", name: "susemanager-web-libs-4.0.25-3.36.1.noarch", product: { name: "susemanager-web-libs-4.0.25-3.36.1.noarch", product_id: "susemanager-web-libs-4.0.25-3.36.1.noarch", }, }, { category: "product_version", name: "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product: { name: "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", product_id: "zypp-plugin-spacewalk-1.0.8-3.14.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "susemanager-4.0.32-3.46.1.ppc64le", product: { name: "susemanager-4.0.32-3.46.1.ppc64le", product_id: "susemanager-4.0.32-3.46.1.ppc64le", }, }, { category: "product_version", name: "susemanager-tools-4.0.32-3.46.1.ppc64le", product: { name: "susemanager-tools-4.0.32-3.46.1.ppc64le", product_id: "susemanager-tools-4.0.32-3.46.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "susemanager-4.0.32-3.46.1.s390x", product: { name: "susemanager-4.0.32-3.46.1.s390x", product_id: "susemanager-4.0.32-3.46.1.s390x", }, }, { category: "product_version", name: "susemanager-tools-4.0.32-3.46.1.s390x", product: { name: "susemanager-tools-4.0.32-3.46.1.s390x", product_id: "susemanager-tools-4.0.32-3.46.1.s390x", }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "susemanager-4.0.32-3.46.1.x86_64", product: { name: "susemanager-4.0.32-3.46.1.x86_64", product_id: "susemanager-4.0.32-3.46.1.x86_64", }, }, { category: "product_version", name: "susemanager-tools-4.0.32-3.46.1.x86_64", product: { name: "susemanager-tools-4.0.32-3.46.1.x86_64", product_id: "susemanager-tools-4.0.32-3.46.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Manager Server Module 4.0", product: { name: "SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-suse-manager-server:4.0", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", }, product_reference: "bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "grafana-formula-0.2.2-4.13.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", }, product_reference: "grafana-formula-0.2.2-4.13.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "postgresql-jdbc-42.2.10-3.3.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", }, product_reference: "postgresql-jdbc-42.2.10-3.3.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "prometheus-exporters-formula-0.7.5-3.16.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", }, product_reference: "prometheus-exporters-formula-0.7.5-3.16.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "prometheus-formula-0.2.3-4.16.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", }, product_reference: "prometheus-formula-0.2.3-4.16.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", }, product_reference: "python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "salt-netapi-client-0.18.0-4.12.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", }, product_reference: "salt-netapi-client-0.18.0-4.12.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-admin-4.0.12-3.15.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", }, product_reference: "spacewalk-admin-4.0.12-3.15.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-app-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-app-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-applet-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-applet-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-config-files-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-iss-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-server-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-server-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-sql-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-tools-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-tools-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", }, product_reference: "spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", }, product_reference: "spacewalk-base-4.0.25-3.36.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", }, product_reference: "spacewalk-base-minimal-4.0.25-3.36.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", }, product_reference: "spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-html-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", }, product_reference: "spacewalk-html-4.0.25-3.36.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", }, product_reference: "spacewalk-java-4.0.40-3.48.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-config-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", }, product_reference: "spacewalk-java-config-4.0.40-3.48.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-lib-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", }, product_reference: "spacewalk-java-lib-4.0.40-3.48.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-java-postgresql-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", }, product_reference: "spacewalk-java-postgresql-4.0.40-3.48.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "spacewalk-taskomatic-4.0.40-3.48.2.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", }, product_reference: "spacewalk-taskomatic-4.0.40-3.48.2.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", }, product_reference: "susemanager-4.0.32-3.46.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", }, product_reference: "susemanager-4.0.32-3.46.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", }, product_reference: "susemanager-4.0.32-3.46.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-schema-4.0.23-3.32.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", }, product_reference: "susemanager-schema-4.0.23-3.32.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-sls-4.0.31-3.37.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", }, product_reference: "susemanager-sls-4.0.31-3.37.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.0.32-3.46.1.ppc64le as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", }, product_reference: "susemanager-tools-4.0.32-3.46.1.ppc64le", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.0.32-3.46.1.s390x as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", }, product_reference: "susemanager-tools-4.0.32-3.46.1.s390x", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-tools-4.0.32-3.46.1.x86_64 as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", }, product_reference: "susemanager-tools-4.0.32-3.46.1.x86_64", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, { category: "default_component_of", full_product_name: { name: "susemanager-web-libs-4.0.25-3.36.1.noarch as component of SUSE Manager Server Module 4.0", product_id: "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", }, product_reference: "susemanager-web-libs-4.0.25-3.36.1.noarch", relates_to_product_reference: "SUSE Manager Server Module 4.0", }, ], }, vulnerabilities: [ { cve: "CVE-2018-10936", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-10936", }, ], notes: [ { category: "general", text: "A weakness was found in postgresql-jdbc before version 42.2.5. It was possible to provide an SSL Factory and not check the host name if a host name verifier was not provided to the driver. This could lead to a condition where a man-in-the-middle attacker could masquerade as a trusted server by providing a certificate for the wrong host, as long as it was signed by a trusted CA.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2018-10936", url: "https://www.suse.com/security/cve/CVE-2018-10936", }, { category: "external", summary: "SUSE Bug 1106539 for CVE-2018-10936", url: "https://bugzilla.suse.com/1106539", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 8.1, baseSeverity: "HIGH", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, products: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-11-20T14:06:24Z", details: "important", }, ], title: "CVE-2018-10936", }, { cve: "CVE-2020-13692", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2020-13692", }, ], notes: [ { category: "general", text: "PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, references: [ { category: "external", summary: "CVE-2020-13692", url: "https://www.suse.com/security/cve/CVE-2020-13692", }, { category: "external", summary: "SUSE Bug 1172746 for CVE-2020-13692", url: "https://bugzilla.suse.com/1172746", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, ], scores: [ { cvss_v3: { baseScore: 5.6, baseSeverity: "MEDIUM", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L", version: "3.1", }, products: [ "SUSE Manager Server Module 4.0:bind-formula-0.1.1603299886.60e4bcf-3.11.1.noarch", "SUSE Manager Server Module 4.0:grafana-formula-0.2.2-4.13.1.noarch", "SUSE Manager Server Module 4.0:postgresql-jdbc-42.2.10-3.3.1.noarch", "SUSE Manager Server Module 4.0:prometheus-exporters-formula-0.7.5-3.16.1.noarch", "SUSE Manager Server Module 4.0:prometheus-formula-0.2.3-4.16.1.noarch", "SUSE Manager Server Module 4.0:python3-spacewalk-backend-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:salt-netapi-client-0.18.0-4.12.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-admin-4.0.12-3.15.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-app-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-applet-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-common-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-config-files-tool-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-iss-export-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-package-push-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-server-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-sql-postgresql-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-tools-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xml-export-libs-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-backend-xmlrpc-4.0.35-3.38.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-base-minimal-config-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-html-4.0.25-3.36.1.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-config-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-lib-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-java-postgresql-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:spacewalk-taskomatic-4.0.40-3.48.2.noarch", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-schema-4.0.23-3.32.1.noarch", "SUSE Manager Server Module 4.0:susemanager-sls-4.0.31-3.37.1.noarch", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.ppc64le", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.s390x", "SUSE Manager Server Module 4.0:susemanager-tools-4.0.32-3.46.1.x86_64", "SUSE Manager Server Module 4.0:susemanager-web-libs-4.0.25-3.36.1.noarch", ], }, ], threats: [ { category: "impact", date: "2020-11-20T14:06:24Z", details: "moderate", }, ], title: "CVE-2020-13692", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.