SUSE-SU-2020:3251-1

Properly validate eauth credentials and tokens on SSH calls made by Salt API (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)

spacewalk-java:

Use correct eauth module and credentials for Salt SSH calls (bsc#1178319, CVE-2020-25592)

References

Affected packages

SUSE:Manager Server 3.2 / py26-compat-salt

Package

Name: py26-compat-salt
Purl: pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%203.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2016.11.10-6.41.1

Ecosystem specific

{
    "binaries": [
        {
            "spacewalk-java-config": "2.8.78.31-3.56.1",
            "py26-compat-salt": "2016.11.10-6.41.1",
            "spacewalk-java-postgresql": "2.8.78.31-3.56.1",
            "spacewalk-taskomatic": "2.8.78.31-3.56.1",
            "spacewalk-java-oracle": "2.8.78.31-3.56.1",
            "spacewalk-java-lib": "2.8.78.31-3.56.1",
            "spacewalk-java": "2.8.78.31-3.56.1"
        }
    ]
}

SUSE:Manager Server 3.2 / spacewalk-java

Package

Name: spacewalk-java
Purl: pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%203.2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.8.78.31-3.56.1

Ecosystem specific

{
    "binaries": [
        {
            "spacewalk-java-config": "2.8.78.31-3.56.1",
            "py26-compat-salt": "2016.11.10-6.41.1",
            "spacewalk-java-postgresql": "2.8.78.31-3.56.1",
            "spacewalk-taskomatic": "2.8.78.31-3.56.1",
            "spacewalk-java-oracle": "2.8.78.31-3.56.1",
            "spacewalk-java-lib": "2.8.78.31-3.56.1",
            "spacewalk-java": "2.8.78.31-3.56.1"
        }
    ]
}