Bug 1181550 - VUL-0: salt: February 2021 release
Summary: VUL-0: salt: February 2021 release
Status: RESOLVED FIXED
Alias: None
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/276726/
Whiteboard: CVSSv3.1:SUSE:CVE-2020-28972:7.3:(AV:...
Keywords:
Depends on: CVE-2020-28243 CVE-2020-28972 CVE-2021-3148 CVE-2021-25281 CVE-2021-25282 CVE-2021-25283 CVE-2021-3144 CVE-2021-25284 CVE-2021-3197 CVE-2020-35662
Blocks:
  Show dependency treegraph
 
Reported: 2021-01-29 08:55 UTC by Marcus Meissner
Modified: 2023-03-01 10:17 UTC (History)
16 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments
CVE patches 2016.11.10 (102.67 KB, patch)
2021-02-01 18:34 UTC, Jochen Breuer
Details | Diff
CVE patches 3000.6 (133.53 KB, patch)
2021-02-01 18:35 UTC, Jochen Breuer
Details | Diff
CVE patches 3002.2 (141.61 KB, patch)
2021-02-01 18:36 UTC, Jochen Breuer
Details | Diff
patches_2021_01_28_2016.11.10.patch (95.43 KB, patch)
2021-02-12 16:38 UTC, Jochen Breuer
Details | Diff
patches_2021_01_28_3000.6.patch (133.53 KB, patch)
2021-02-12 16:38 UTC, Jochen Breuer
Details | Diff
patches_2021_01_28_3002.2.patch (141.61 KB, patch)
2021-02-12 16:39 UTC, Jochen Breuer
Details | Diff
patches_2021_02_05_2016.11.10.patch (4.40 KB, patch)
2021-02-12 16:39 UTC, Jochen Breuer
Details | Diff
patches_2021_02_05_3000.6.patch (4.79 KB, patch)
2021-02-12 16:40 UTC, Jochen Breuer
Details | Diff
patches_2021_02_05_3002.2.patch (4.21 KB, patch)
2021-02-12 16:40 UTC, Jochen Breuer
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Marcus Meissner 2021-01-29 09:08:18 UTC
CRD: 2021-02-04  
time currently not known, likely US business hours
Comment 2 Jochen Breuer 2021-01-29 09:21:28 UTC
I've send an email to enterprisesupport@saltstack.com and asked for the patches and the exact end of the embargo. Setting the needinfo on me for now.
Comment 4 Jochen Breuer 2021-01-29 12:13:18 UTC
From RC conversation with Julio: "Pau approved delaying 4.1.5 and Uyuni 2021.01 to include the salt fixes."
Comment 8 Jochen Breuer 2021-02-01 18:34:25 UTC
Created attachment 845694 [details]
CVE patches 2016.11.10
Comment 9 Jochen Breuer 2021-02-01 18:35:44 UTC
Created attachment 845695 [details]
CVE patches 3000.6
Comment 10 Jochen Breuer 2021-02-01 18:36:32 UTC
Created attachment 845696 [details]
CVE patches 3002.2
Comment 12 Jochen Breuer 2021-02-03 07:57:01 UTC
Quick update: The patch for 3000 is applying cleanly - only some changes in the lines numbers.  Unit tests are looking good, no difference from the version we are currently shipping. I've started to create the IBS repos we'll need for running the cucumber tests and ultimately for submitting. Already done:
RES7
Ubuntu16.04
Ubuntu18.04
Ubuntu20.04
Debian9
Debian10
SLE15SP1
SLE15SP2

… and I'm finishing those now:
RES6
RES8
SLE11
SLE12
SLE15
Comment 16 Jochen Breuer 2021-02-03 15:00:40 UTC
I think we still don't have the exact time for the end of the embargo. I have reached out to Ken Crowell from VMware and he promised to come back to me with the answer.
Comment 17 Jochen Breuer 2021-02-03 18:38:25 UTC
Got this from Ken Crowell from VMware:

> Hi Jochen, thanks for your patience.  Unfortunately, it looks like we've found 
> a critical regression in the patches, so the patches we supplied should not be 
> released.  There will be a new patch set available which addresses the
> regression in the next 10-14 days. Very sorry about the inconvenience.
Comment 18 Marcus Meissner 2021-02-04 06:36:52 UTC
Is this is for all of them?

THis would mean full rollback of the current staged updaes
Comment 19 Jochen Breuer 2021-02-04 07:40:32 UTC
(In reply to Marcus Meissner from comment #18)
> Is this is for all of them?
> 
> THis would mean full rollback of the current staged updaes

Yes, there won't be an update today. Julio was already made aware.
Comment 20 Johannes Segitz 2021-02-04 08:10:17 UTC
We also got this mail:

From: SaltStack | Now part of VMware <security@saltstack.com>
We’d like to share an important update with you regarding the CVEs and security patch/update you received from us on January 28, 2021.
An issue has been found affecting the functionality of runners. At this time, we are working to correct the issue. Additional packages and patches will be made available, and time to apply these, prior to the General Public release. Another communication will be announced publicly via the
Security RSS Feed on Thursday, February 4th announcing the public delay.
The issue found will give an Authentication error stating:
Authentication failure of type “user” occurred
All Salt runners will give this error and cease to run.
A few things to note:

        - If you have already applied the patch/upgrade that was provided from January 28, 2021 and have experienced issues with runners not functioning properly, you will need to rollback the patch by downgrading your Salt version to the previous stable release, or reversing the patch to
restore functionality.  (Click here <https://em.saltstack.com/thQN1a0oPo09y00fHa0002B> to access the patch and instructions provided from January 28.)  - We will release a patch fixing the runner issue in the next 10 to 14 days. The public CVE release will follow about a week later.     -
Again, we are postponing the public release and giving you advanced notice to provide time to apply the patch and secure your Salt environment before the public is aware of the vulnerabilities.
If you have any questions or need any help with the CVE patches/package already released, please contact us at enterprisesupport@saltstack.com <https://em.saltstack.com/DPCa00z0QHo00o029f1N0ha> or visit our support portal at help.saltstack.com <https://em.saltstack.com/WP02AfHa90D1QhN00a0oo00>
to submit a support ticket.
Once again, until our public announcement of these vulnerabilities, please keep all information about the CVEs and the security updates confidential and do not post or respond to any posts about these confidential CVEs on any public forums, including the Salt Open community.
Thank you for your continued support. Sincerely, Your SaltStack Team
Comment 21 Julio González Gil 2021-02-04 10:26:45 UTC
We just noticed that there are two more packages affected that we will need to fix:

py26-compat-salt, for 4.0, 4.1 (and 4.2 alpha/beta)
py27-compat-salt, for 4.2 alpha/beta

Pablo/Jochan, remember to send fixes as well when the new patches from saltstack are ready.
Comment 24 Alexander Bergmann 2021-02-05 07:34:39 UTC
The public release was postponed.

https://saltproject.io/security_announcements/salt-feb-4th-cve-release-delayed/

New release date:

CRD: 2021-02-25 19:00 UTC
Comment 25 Jochen Breuer 2021-02-12 16:38:06 UTC
Created attachment 846073 [details]
patches_2021_01_28_2016.11.10.patch
Comment 26 Jochen Breuer 2021-02-12 16:38:33 UTC
Created attachment 846074 [details]
patches_2021_01_28_3000.6.patch
Comment 27 Jochen Breuer 2021-02-12 16:39:02 UTC
Created attachment 846076 [details]
patches_2021_01_28_3002.2.patch
Comment 28 Jochen Breuer 2021-02-12 16:39:48 UTC
Created attachment 846077 [details]
patches_2021_02_05_2016.11.10.patch
Comment 29 Jochen Breuer 2021-02-12 16:40:14 UTC
Created attachment 846078 [details]
patches_2021_02_05_3000.6.patch
Comment 30 Jochen Breuer 2021-02-12 16:40:36 UTC
Created attachment 846079 [details]
patches_2021_02_05_3002.2.patch
Comment 31 Jochen Breuer 2021-02-12 16:42:48 UTC
We've just received a new set of patches from Sage (VMware). This consists of the patches that are already known to us (I've uploaded them anyway and deprecated the other old ones) and the fixes for those. So we've got 2 patches for each of the Salt versions.
Comment 32 Pablo Suárez Hernández 2021-02-22 10:04:00 UTC
FYI we're running testsuite on top of the candidate package to release in order to validate it and we're currently seeing some issues with SUSE Manager 4.1.

We'll let you know as soon as we have more information about this.
Comment 34 Julio González Gil 2021-02-22 14:01:12 UTC
I got the green light from Pablo for the submissions, so here they are:

SLE11 salt: 236483
SLE12 salt: 236484
SLE15SP0 salt: 236485
SLE15SP1 salt: 236486
SLE15SP2 salt: 236493
RES6 salt: 236494
RES7 salt: 236495
RES8 salt: 236496
Ubuntu16.04 salt: 236487
Ubuntu18.04 salt: 236488
Ubuntu20.04 salt: 236489
Debian9 salt: 236490
Debian10 salt: 236497
SUMA 4.1 py26-compat-salt: 236491
SUMA 4.1 py26-compat-salt: 236492
Comment 50 Marina Latini 2021-02-26 10:22:19 UTC
Thanks folks, all the incidents have been released!

request 236764 is accepted. Update SUSE:Maintenance:18378 is released
request 236756 is accepted. Update SUSE:Maintenance:18371 is released
request 236757 is accepted. Update SUSE:Maintenance:18372 is released
request 236754 is accepted. Update SUSE:Maintenance:18369 is released
request 236747 is accepted. Update SUSE:Maintenance:18374 is released
request 236755 is accepted. Update SUSE:Maintenance:18370 is released
request 236759 is accepted. Update SUSE:Maintenance:18375 is released
request 236763 is accepted. Update SUSE:Maintenance:18377 is released
request 236758 is accepted. Update SUSE:Maintenance:18373 is released
request 236750 is accepted. Update SUSE:Maintenance:18379 is released
request 236740 is accepted. Update SUSE:Maintenance:18364 is released
request 236753 is accepted. Update SUSE:Maintenance:18365 is released
request 236735 is accepted. Update SUSE:Maintenance:18366 is released
request 236751 is accepted. Update SUSE:Maintenance:18368 is released
request 236761 is accepted. Update SUSE:Maintenance:18376 is released
request 236636 is accepted. Update SUSE:Maintenance:18398 is released
request 236637 is accepted. Update SUSE:Maintenance:18401 is released
Comment 51 Swamp Workflow Management 2021-02-26 14:16:46 UTC
SUSE-RU-2021:0632-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: recommended (moderate)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    release-notes-susemanager-4.0.12.1-3.68.1
SUSE Manager Retail Branch Server 4.0 (src):    release-notes-susemanager-proxy-4.0.12.1-0.16.52.1
SUSE Manager Proxy 4.0 (src):    release-notes-susemanager-proxy-4.0.12.1-0.16.52.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 52 Swamp Workflow Management 2021-02-26 14:19:16 UTC
SUSE-SU-2021:0624-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (src):    py26-compat-salt-2016.11.10-6.8.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 53 Swamp Workflow Management 2021-02-26 14:23:03 UTC
SUSE-SU-2021:14650-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS (src):    salt-2016.11.10-43.69.1
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS (src):    salt-2016.11.10-43.69.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 54 Swamp Workflow Management 2021-02-26 14:28:57 UTC
SUSE-SU-2021:0626-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for SUSE Manager Server 4.0 (src):    py26-compat-salt-2016.11.10-10.22.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 55 Swamp Workflow Management 2021-02-26 14:33:22 UTC
SUSE-RU-2021:0633-1: An update that solves 10 vulnerabilities and has one errata is now available.

Category: recommended (moderate)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    release-notes-susemanager-4.1.5.1-3.38.1
SUSE Manager Retail Branch Server 4.1 (src):    release-notes-susemanager-proxy-4.1.5.1-3.26.1
SUSE Manager Proxy 4.1 (src):    release-notes-susemanager-proxy-4.1.5.1-3.26.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 56 Swamp Workflow Management 2021-02-26 14:35:54 UTC
SUSE-SU-2021:0619-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 57 Swamp Workflow Management 2021-02-26 14:39:26 UTC
SUSE-SU-2021:0628-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Server for SAP 15 (src):    salt-3000-5.106.1
SUSE Linux Enterprise Server 15-LTSS (src):    salt-3000-5.106.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    salt-3000-5.106.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    salt-3000-5.106.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 58 Swamp Workflow Management 2021-02-26 14:44:20 UTC
SUSE-SU-2021:0625-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 59 Swamp Workflow Management 2021-02-26 14:47:48 UTC
SUSE-SU-2021:0630-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Module for Server Applications 15-SP2 (src):    salt-3000-24.1
SUSE Linux Enterprise Module for Python2 15-SP2 (src):    salt-3000-24.1
SUSE Linux Enterprise Module for Basesystem 15-SP2 (src):    salt-3000-24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 60 Swamp Workflow Management 2021-02-26 14:50:31 UTC
SUSE-SU-2021:14647-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 61 Swamp Workflow Management 2021-02-26 14:54:18 UTC
SUSE-SU-2021:14649-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 62 Swamp Workflow Management 2021-02-26 14:59:17 UTC
SUSE-SU-2021:0631-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Server 4.0 (src):    salt-3000-24.1
SUSE Manager Retail Branch Server 4.0 (src):    salt-3000-24.1
SUSE Manager Proxy 4.0 (src):    salt-3000-24.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    salt-3000-24.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    salt-3000-24.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    salt-3000-24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    salt-3000-24.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    salt-3000-24.1
SUSE Enterprise Storage 6 (src):    salt-3000-24.1
SUSE CaaS Platform 4.0 (src):    salt-3000-24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 63 Swamp Workflow Management 2021-02-26 15:01:55 UTC
SUSE-SU-2021:14646-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 64 Swamp Workflow Management 2021-02-26 15:04:33 UTC
SUSE-SU-2021:0627-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Tools 12 (src):    salt-3000-46.129.1
SUSE Linux Enterprise Point of Sale 12-SP2 (src):    salt-3000-46.129.1
SUSE Linux Enterprise Module for Advanced Systems Management 12 (src):    salt-3000-46.129.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 65 Swamp Workflow Management 2021-02-26 20:19:15 UTC
openSUSE-SU-2021:0347-1: An update that solves 10 vulnerabilities and has two fixes is now available.

Category: security (critical)
Bug References: 1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
openSUSE Leap 15.2 (src):    salt-3000-lp152.3.27.1
Comment 73 Swamp Workflow Management 2021-03-19 20:29:55 UTC
SUSE-SU-2021:0913-1: An update that solves 11 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 74 Swamp Workflow Management 2021-03-19 20:33:06 UTC
SUSE-SU-2021:14679-1: An update that solves 11 vulnerabilities and has 7 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 75 Swamp Workflow Management 2021-03-19 20:36:20 UTC
SUSE-SU-2021:0914-1: An update that solves 11 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Tools 15-BETA (src):    salt-3002.2-8.33.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 76 Swamp Workflow Management 2021-03-19 20:39:35 UTC
SUSE-SU-2021:14677-1: An update that solves 10 vulnerabilities and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 77 Swamp Workflow Management 2021-03-19 20:48:32 UTC
SUSE-SU-2021:14682-1: An update that solves 10 vulnerabilities and has 6 fixes is now available.

Category: security (moderate)
Bug References: 1181290,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1181807,1182339,1182603,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS-BETA (src):    mgr-osad-4.2.3-8.12.1, rhnlib-4.2.2-15.12.1, salt-2016.11.10-46.15.1, spacewalk-client-tools-4.2.7-30.24.1
SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS-BETA (src):    mgr-osad-4.2.3-8.12.1, rhnlib-4.2.2-15.12.1, salt-2016.11.10-46.15.1, spacewalk-client-tools-4.2.7-30.24.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 78 Swamp Workflow Management 2021-03-19 20:52:18 UTC
SUSE-SU-2021:0910-1: An update that solves 10 vulnerabilities and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 79 Swamp Workflow Management 2021-03-19 21:11:42 UTC
SUSE-SU-2021:14678-1: An update that solves 11 vulnerabilities and has 8 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1177474,1179696,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182382,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-25315,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 80 Swamp Workflow Management 2021-03-19 21:15:17 UTC
SUSE-SU-2021:0915-1: An update that solves 10 vulnerabilities and has 10 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1172110,1174855,1179696,1180101,1180818,1181290,1181347,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182740
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-3197
JIRA References: 
Sources used:
SUSE Manager Tools 12-BETA (src):    salt-3000-49.29.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 83 Swamp Workflow Management 2021-05-21 19:19:46 UTC
SUSE-SU-2021:14733-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 84 Swamp Workflow Management 2021-05-21 19:23:10 UTC
SUSE-SU-2021:14734-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 85 Swamp Workflow Management 2021-05-21 19:32:52 UTC
SUSE-SU-2021:1690-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:
SUSE Manager Tools 15-BETA (src):    salt-3002.2-8.41.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 86 Swamp Workflow Management 2021-05-21 19:37:24 UTC
SUSE-SU-2021:1694-1: An update that solves 11 vulnerabilities, contains one feature and has 17 fixes is now available.

Category: security (moderate)
Bug References: 1099976,1171257,1172110,1174855,1176293,1177474,1179831,1180101,1180818,1181290,1181347,1181368,1181550,1181556,1181557,1181558,1181559,1181560,1181561,1181562,1181563,1181564,1181565,1182281,1182293,1182740,1185092,1185281
CVE References: CVE-2020-28243,CVE-2020-28972,CVE-2020-35662,CVE-2021-25281,CVE-2021-25282,CVE-2021-25283,CVE-2021-25284,CVE-2021-3144,CVE-2021-3148,CVE-2021-31607,CVE-2021-3197
JIRA References: ECO-3212
Sources used:

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 88 Marcus Meissner 2022-04-18 14:29:19 UTC
done