SUSE SLES15: ansible / ansible-doc / ansible-test / dracut-saltboot / etc (SUSE-SU-2022:3178-1)

high Nessus Plugin ID 164906

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:3178-1 advisory.

ansible:

- Update to version 2.9.27 (jsc#SLE-23631, jsc#SLE-24133)
* CVE-2021-3620 ansible-connection module discloses sensitive info in traceback error message (in 2.9.27) (bsc#1187725)
* CVE-2021-3583 Template Injection through yaml multi-line strings with ansible facts used in template. (in 2.9.23) (bsc#1188061)
* ansible module nmcli is broken in ansible 2.9.13 (in 2.9.15) (bsc#1176460)
- Update to 2.9.22:
* CVE-2021-3447 (bsc#1183684) multiple modules expose secured values
* CVE-2021-20228 (bsc#1181935) basic.py no_log with fallback option
* CVE-2021-20191 (bsc#1181119) multiple collections expose secured values
* CVE-2021-20180 (bsc#1180942) bitbucket_pipeline_variable exposes sensitive values
* CVE-2021-20178 (bsc#1180816) user data leak in snmp_facts module

dracut-saltboot:

- Require e2fsprogs (bsc#1202614)
- Update to version 0.1.1657643023.0d694ce
* Update dracut-saltboot dependencies (bsc#1200970)
* Fix network loading when ipappend is used in pxe config
* Add new information messages

golang-github-QubitProducts-exporter_exporter:

- Remove license file from %doc

mgr-daemon:

- Version 4.3.5-1
* Update translation strings

mgr-virtualization:

- Version 4.3.6-1
* Report all VMs in poller, not only running ones (bsc#1199528)

prometheus-blackbox_exporter:

- Exclude s390 arch

python-hwdata:

- Declare the LICENSE file as license and not doc

spacecmd:

- Version 4.3.14-1
* Fix missing argument on system_listmigrationtargets (bsc#1201003)
* Show correct help on calling kickstart_importjson with no arguments
* Fix tracebacks on spacecmd kickstart_export (bsc#1200591)
* Change proxy container config default filename to end with tar.gz
* Update translation strings

spacewalk-client-tools:

- Version 4.3.11-1
* Update translation strings

uyuni-common-libs:

- Version 4.3.5-1
* Fix reposync issue about 'rpm.hdr' object has no attribute 'get'

uyuni-proxy-systemd-services:

- Version 4.3.6-1
* Expose port 80 (bsc#1200142)
* Use volumes rather than bind mounts
* TFTPD to listen on udp port (bsc#1200968)
* Add TAG variable in configuration
* Fix containers namespaces in configuration

zypp-plugin-spacewalk:

- 1.0.13
* Log in before listing channels. (bsc#1197963, bsc#1193585)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.suse.com/1176460

https://bugzilla.suse.com/1180816

https://bugzilla.suse.com/1180942

https://bugzilla.suse.com/1181119

https://bugzilla.suse.com/1181935

https://bugzilla.suse.com/1183684

https://bugzilla.suse.com/1187725

https://bugzilla.suse.com/1188061

https://bugzilla.suse.com/1193585

https://bugzilla.suse.com/1197963

https://bugzilla.suse.com/1199528

https://bugzilla.suse.com/1200142

https://bugzilla.suse.com/1200591

https://bugzilla.suse.com/1200968

https://bugzilla.suse.com/1200970

https://bugzilla.suse.com/1201003

https://bugzilla.suse.com/1202614

https://www.suse.com/security/cve/CVE-2021-20178

https://www.suse.com/security/cve/CVE-2021-20180

https://www.suse.com/security/cve/CVE-2021-20191

https://www.suse.com/security/cve/CVE-2021-20228

https://www.suse.com/security/cve/CVE-2021-3447

https://www.suse.com/security/cve/CVE-2021-3583

https://www.suse.com/security/cve/CVE-2021-3620

http://www.nessus.org/u?c54d0010

Plugin Details

Severity: High

ID: 164906

File Name: suse_SU-2022-3178-1.nasl

Version: 1.8

Type: Local

Agent: unix

Published: 9/9/2022

Updated: 6/25/2026

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Tenable Cloud Security, Tenable Self-Hosted Container Security, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.3

Percentile: 53.06

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2021-20228

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 6.6

Threat Vector: CVSS:4.0/E:U

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 9/8/2022

Vulnerability Publication Date: 2/21/2021

Reference Information

CVE: CVE-2021-20178, CVE-2021-20180, CVE-2021-20191, CVE-2021-20228, CVE-2021-3447, CVE-2021-3583, CVE-2021-3620

SuSE: SUSE-SU-2022:3178-1