{"affected":[{"ecosystem_specific":{"binaries":[{"py26-compat-salt":"2016.11.10-10.17.1","spacewalk-java":"4.0.39-3.45.1","spacewalk-java-config":"4.0.39-3.45.1","spacewalk-java-lib":"4.0.39-3.45.1","spacewalk-java-postgresql":"4.0.39-3.45.1","spacewalk-taskomatic":"4.0.39-3.45.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"py26-compat-salt","purl":"pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"2016.11.10-10.17.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"py26-compat-salt":"2016.11.10-10.17.1","spacewalk-java":"4.0.39-3.45.1","spacewalk-java-config":"4.0.39-3.45.1","spacewalk-java-lib":"4.0.39-3.45.1","spacewalk-java-postgresql":"4.0.39-3.45.1","spacewalk-taskomatic":"4.0.39-3.45.1"}]},"package":{"ecosystem":"SUSE:Manager Server Module 4.0","name":"spacewalk-java","purl":"pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.0.39-3.45.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This security update for SUSE Manager 4.0 provides the following fixes:\n\npy26-compat-salt:\n\n- Properly validate eauth credentials and tokens on SSH calls made by Salt API \n  (bsc#1178319, bsc#1178362, bsc#1178361, CVE-2020-25592, CVE-2020-17490, CVE-2020-16846)\n\nspacewalk-java:\n\n- Use correct eauth module and credentials for Salt SSH calls. (bsc#1178319, CVE-2020-25592)\n","id":"SUSE-SU-2020:3250-1","modified":"2020-11-06T16:03:24Z","published":"2020-11-06T16:03:24Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20203250-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178319"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178361"},{"type":"REPORT","url":"https://bugzilla.suse.com/1178362"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-16846"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-17490"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2020-25592"}],"related":["CVE-2020-16846","CVE-2020-17490","CVE-2020-25592"],"summary":"Security update for SUSE Manager 4.0","upstream":["CVE-2020-16846","CVE-2020-17490","CVE-2020-25592"]}