openSUSE Security Update : crmsh (openSUSE-2021-410)

high Nessus Plugin ID 147780

Language:

Synopsis

The remote openSUSE host is missing a security update.

Description

This update for crmsh fixes the following issues :

- Update to version 4.3.0+20210305.9db5c9a8 :

- Fix: bootstrap: Adjust qdevice configure/remove process to avoid race condition due to quorum lost(bsc#1181415)

- Dev: cibconfig: remove related code about detecting crm_diff support --no-verion

- Fix: ui_configure: raise error when params not exist(bsc#1180126)

- Dev: doc: remove doc for crm node status

- Dev: ui_node: remove status subcommand

- Update to version 4.3.0+20210219.5d1bf034 :

- Fix: hb_report: walk through hb_report process under hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)

- Fix: bootstrap: setup authorized ssh access for hacluster(CVE-2020-35459, bsc#1179999; CVE-2021-3020, bsc#1180571)

- Dev: analyze: Add analyze sublevel and put preflight_check in it(jsc#ECO-1658)

- Dev: utils: change default file mod as 644 for str2file function

- Dev: hb_report: Detect if any ocfs2 partitions exist

- Dev: lock: give more specific error message when raise ClaimLockError

- Fix: Replace mktemp() to mkstemp() for security

- Fix: Remove the duplicate --cov-report html in tox.

- Fix: fix some lint issues.

- Fix: Replace utils.msg_info to task.info

- Fix: Solve a circular import error of utils.py

- Fix: hb_report: run lsof with specific ocfs2 device(bsc#1180688)

- Dev: corosync: change the permission of corosync.conf to 644

- Fix: preflight_check: task: raise error when report_path isn't a directory

- Fix: bootstrap: Use class Watchdog to simplify watchdog config(bsc#1154927, bsc#1178869)

- Dev: Polish the sbd feature.

- Dev: Replace -f with -c and run check when no parameter provide.

- Fix: Fix the yes option not working

- Fix: Remove useless import and show help when no input.

- Dev: Correct SBD device id inconsistenc during ASR

- Fix: completers: return complete start/stop resource id list correctly(bsc#1180137)

- Dev: Makefile.am: change makefile to integrate preflight_check

- Medium: integrate preflight_check into crmsh(jsc#ECO-1658)

- Fix: bootstrap: make sure sbd device UUID was the same between nodes(bsc#1178454)

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Solution

Update the affected crmsh packages.

See Also

https://bugzilla.opensuse.org/show_bug.cgi?id=1154927

https://bugzilla.opensuse.org/show_bug.cgi?id=1178454

https://bugzilla.opensuse.org/show_bug.cgi?id=1178869

https://bugzilla.opensuse.org/show_bug.cgi?id=1179999

https://bugzilla.opensuse.org/show_bug.cgi?id=1180126

https://bugzilla.opensuse.org/show_bug.cgi?id=1180137

https://bugzilla.opensuse.org/show_bug.cgi?id=1180571

https://bugzilla.opensuse.org/show_bug.cgi?id=1180688

https://bugzilla.opensuse.org/show_bug.cgi?id=1181415

Plugin Details

Severity: High

ID: 147780

File Name: openSUSE-2021-410.nasl

Version: 1.5

Type: local

Agent: unix

Published: 3/15/2021

Updated: 1/9/2024

Supported Sensors: Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.2

Temporal Score: 5.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2020-35459

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2021-3020

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:crmsh-test, p-cpe:/a:novell:opensuse:crmsh, p-cpe:/a:novell:opensuse:crmsh-scripts, cpe:/o:novell:opensuse:15.2

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/14/2021

Vulnerability Publication Date: 1/12/2021

Reference Information

CVE: CVE-2020-35459, CVE-2021-3020