SUSE SLES11: golang-github-wrouesnel-postgres_exporter / mgr-cfg / etc (SUSE-SU-2021:14753-1)

high Nessus Plugin ID 151084

Synopsis

The remote SUSE host is missing a security update.

Description

The remote SUSE Linux SLES11 / SLES_SAP11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:14753-1 advisory.

golang-github-wrouesnel-postgres_exporter:

- Add support for aarch64

mgr-cfg:

- SPEC: Updated Python definitions for RHEL8 and quoted text comparisons.

mgr-custom-info:

- Update package version to 4.2.0

mgr-daemon:

- Update translation strings
- Update the translations from weblate
- Added quotes around %{_vendor} token for the if statements in spec file.
- Fix removal of mgr-daemon with selinux enabled (bsc#1177928)
- Updating translations from weblate

mgr-osad:

- Change the log file permissions as expected by logrotate (bsc#1177884)
- Change deprecated path /var/run into /run for systemd (bsc#1185178)
- Python fixes
- Removal of RHEL5

mgr-push:

- Defined __python for python2.
- Excluded RHEL8 for Python 2 build.

mgr-virtualization:

- Update package version to 4.2.0

rhnlib:

- Update package version to 4.2.0

salt:

- Prevent command injection in the snapper module (bsc#1185281) (CVE-2021-31607)

spacecmd:

- Rename system migration to system transfer
- Rename SP to product migration
- Update translation strings
- Add group_addconfigchannel and group_removeconfigchannel
- Add group_listconfigchannels and configchannel_listgroups
- Fix spacecmd compat with Python 3
- Deprecated 'Software Crashes' feature
- Document advanced package search on '--help' (bsc#1180583)
- Fixed advanced search on 'package_listinstalledsystems'
- Fixed duplicate results when using multiple search criteria (bsc#1180585)
- Fixed 'non-advanced' package search when using multiple package names (bsc#1180584)
- Update translations
- Fix: make spacecmd build on Debian
- Add Service Pack migration operations (bsc#1173557)

spacewalk-client-tools:

- Update the translations from weblate
- Drop the --noSSLServerURL option
- Updated RHEL Python requirements.
- Added quotes around %{_vendor}.

spacewalk-koan:

- Fix for spacewalk-koan test

spacewalk-oscap:

- Update package version to 4.2.0

spacewalk-remote-utils:

- Update package version to 4.2.0

supportutils-plugin-susemanager-client:

- Update package version to 4.2.0

suseRegisterInfo:

- Add support for Amazon Linux 2
- Add support for Alibaba Cloud Linux 2
- Adapted for RHEL build.

uyuni-base:

- Added Apache as prerequisite for RHEL and Fedora (due to required users).
- Removed RHEL specific folder rights from SPEC file.
- Added RHEL8 compatibility.

uyuni-common-libs:

- Cleaning up unused Python 2 build leftovers.
- Disabled debug package build.

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1173557

https://bugzilla.suse.com/1177884

https://bugzilla.suse.com/1177928

https://bugzilla.suse.com/1180583

https://bugzilla.suse.com/1180584

https://bugzilla.suse.com/1180585

https://bugzilla.suse.com/1185178

https://bugzilla.suse.com/1185281

https://www.suse.com/security/cve/CVE-2021-31607

http://www.nessus.org/u?2c0a65cb

Plugin Details

Severity: High

ID: 151084

File Name: suse_SU-2021-14753-1.nasl

Version: 1.8

Type: Local

Agent: unix

Published: 6/28/2021

Updated: 6/25/2026

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-31607

CVSS v3

Risk Factor: High

Base Score: 7.8

Temporal Score: 7

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:salt-minion, p-cpe:/a:novell:suse_linux:mgr-cfg-management, p-cpe:/a:novell:suse_linux:python2-mgr-osad, p-cpe:/a:novell:suse_linux:python2-spacewalk-oscap, p-cpe:/a:novell:suse_linux:mgr-osad, p-cpe:/a:novell:suse_linux:spacecmd, p-cpe:/a:novell:suse_linux:spacewalk-oscap, p-cpe:/a:novell:suse_linux:python2-spacewalk-koan, p-cpe:/a:novell:suse_linux:python2-mgr-cfg, p-cpe:/a:novell:suse_linux:python2-mgr-virtualization-host, p-cpe:/a:novell:suse_linux:mgr-daemon, p-cpe:/a:novell:suse_linux:python2-rhnlib, p-cpe:/a:novell:suse_linux:python2-mgr-cfg-actions, p-cpe:/a:novell:suse_linux:mgr-cfg, p-cpe:/a:novell:suse_linux:python2-mgr-virtualization-common, p-cpe:/a:novell:suse_linux:python2-uyuni-common-libs, p-cpe:/a:novell:suse_linux:spacewalk-remote-utils, cpe:/o:novell:suse_linux:11, p-cpe:/a:novell:suse_linux:suseregisterinfo, p-cpe:/a:novell:suse_linux:mgr-cfg-actions, p-cpe:/a:novell:suse_linux:python2-spacewalk-client-setup, p-cpe:/a:novell:suse_linux:python2-suseregisterinfo, p-cpe:/a:novell:suse_linux:python2-spacewalk-check, p-cpe:/a:novell:suse_linux:salt, p-cpe:/a:novell:suse_linux:spacewalk-koan, p-cpe:/a:novell:suse_linux:mgr-virtualization-host, p-cpe:/a:novell:suse_linux:salt-doc, p-cpe:/a:novell:suse_linux:python2-mgr-cfg-client, p-cpe:/a:novell:suse_linux:python2-mgr-push, p-cpe:/a:novell:suse_linux:spacewalk-client-setup, p-cpe:/a:novell:suse_linux:supportutils-plugin-susemanager-client, p-cpe:/a:novell:suse_linux:mgr-custom-info, p-cpe:/a:novell:suse_linux:spacewalk-client-tools, p-cpe:/a:novell:suse_linux:mgr-cfg-client, p-cpe:/a:novell:suse_linux:spacewalk-check, p-cpe:/a:novell:suse_linux:mgr-push, p-cpe:/a:novell:suse_linux:python2-mgr-cfg-management, p-cpe:/a:novell:suse_linux:python2-spacewalk-client-tools, p-cpe:/a:novell:suse_linux:golang-github-wrouesnel-postgres_exporter, p-cpe:/a:novell:suse_linux:python2-mgr-osa-common

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/21/2021

Vulnerability Publication Date: 4/23/2021

Reference Information

CVE: CVE-2021-31607

IAVA: 2021-A-0524-S

SuSE: SUSE-SU-2021:14753-1