SUSE SLES11 Security Update : SUSE Manager Client Tools (SUSE-SU-2017:1347-1)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote SUSE host is missing one or more security updates.

Description :

The following security issue in spacewalk-backend has been fixed :

- Non admin or disabled user cannot make changes to a
system anymore using spacewalk-channel. (bsc#1026633,
CVE-2017-7470)

Additionally, the following non-security issues have been fixed:

rhnlib :

- Support all TLS versions in rpclib. (bsc#1025312)

spacecmd :

- Improve output on error for listrepo. (bsc#1027426)

- Reword spacecmd removal message. (bsc#1024406)

spacewalk-backend :

- Do not fail with traceback when media.1 does not exist.
(bsc#1032256)

- Create scap files directory beforehand. (bsc#1029755)

- Fix error if SPACEWALK_DEBUG_NO_REPORTS environment
variable is not present.

- Don't skip 'rhnErrataPackage' cleanup during an errata
update. (bsc#1023233)

- Add support for running spacewalk-debug without creating
reports. (bsc#1024714)

- Set scap store directory mod to 775 and group owner to
susemanager.

- incomplete_package_import: Do import rhnPackageFile as
it breaks some package installations.

- Added traceback printing to the exception block.

- Change postgresql starting commands.

spacewalk-client-tools :

- Fix reboot message to use correct product name.
(bsc#1031667)

Note that Tenable Network Security has extracted the preceding
description block directly from the SUSE security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

https://bugzilla.suse.com/1023233
https://bugzilla.suse.com/1024406
https://bugzilla.suse.com/1024714
https://bugzilla.suse.com/1025312
https://bugzilla.suse.com/1026633
https://bugzilla.suse.com/1027426
https://bugzilla.suse.com/1029755
https://bugzilla.suse.com/1031667
https://bugzilla.suse.com/1032256
https://www.suse.com/security/cve/CVE-2017-7470.html
http://www.nessus.org/u?1c80889b

Solution :

To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product :

SUSE Linux Enterprise Server 11-SP4-CLIENT-TOOLS:
zypper in -t patch slesctsp4-client-tools-201704-13115=1

SUSE Linux Enterprise Server 11-SP3-CLIENT-TOOLS:
zypper in -t patch slesctsp3-client-tools-201704-13115=1

To bring your system up-to-date, use 'zypper patch'.

Risk factor :

Medium / CVSS Base Score : 5.5
(CVSS2#AV:N/AC:L/Au:S/C:N/I:P/A:P)
CVSS Temporal Score : 4.5
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SuSE Local Security Checks

Nessus Plugin ID: 100351

Bugtraq ID:

CVE ID: CVE-2017-7470
