{"affected":[{"ecosystem_specific":{"binaries":[{"saphanabootstrap-formula":"0.13.1+git.1667812208.4db963e-150000.1.19.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for SAP Applications 15 SP1","name":"saphanabootstrap-formula","purl":"pkg:rpm/suse/saphanabootstrap-formula&distro=SUSE%20Linux%20Enterprise%20Module%20for%20SAP%20Applications%2015%20SP1"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.13.1+git.1667812208.4db963e-150000.1.19.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for saphanabootstrap-formula fixes the following issues:\n\n- Version bump 0.13.1\n  * revert changes to spec file to re-enable SLES RPM builds\n  * CVE-2022-45153: Fixed privilege escalation for arbitrary users in hana/ha_cluster.sls (bsc#1205990)\n\n- Version bump 0.13.0\n  * pass sid to sudoers in a SLES12 compatible way\n  * add location constraint to gcp_stonith\n\n- Version bump 0.12.1\n  * moved templates dir into hana dir in repository to be gitfs compatible\n\n- Version bump 0.12.0\n  * add SAPHanaSR takeover blocker\n\n- Version bump 0.11.0\n  * use check_cmd instead of tmp sudoers file\n  * make sudoers rules more secure\n  * migrate sudoers to template file\n\n- Version bump 0.10.1\n  * fix hook removal conditions\n  * fix majority_maker code on case grain is empty\n\n- Version bump 0.10.0\n  * allow to disable shared HANA basepath and rework add_hosts code\n    (enables HANA scale-out on AWS)\n  * do not edit global.ini directly (if not needed)\n\n- Version bump 0.9.1\n  * fix majority_maker code on case grain is empty\n\n- Version bump 0.9.0\n  * define vip_mechanism for every provider and reorder resources\n    (same schema for all SAP related formulas)\n\n- Version bump 0.8.1\n  * use multi-target Hook on HANA scale-out\n\n- Version bump 0.8.0\n  * add HANA scale-out support\n  * add idempotence to not affect a running HANA and cluster\n\n- Version bump 0.7.2\n  * add native fencing for microsoft-azure\n\n- fixes a not working import of dbapi in SUSE/ha-sap-terraform-deployments#703\n- removes the installation and extraction of all hdbcli files in the /hana/shared/srHook directory\n- fixes execution order of srTakeover/srCostOptMemConfig hook\n- renames and updates hook srTakeover to srCostOptMemConfig\n\n- Changing exporter stickiness to => 0 and adjusting the colocation \n  score from +inf to -inf and changing the colocation from Master to Slave. \n  This change fix the impact of a failed exporter in regards to the HANA DB.\n  \n\n- Document extra_parameters in pillar.example (bsc#1185643)\n\n- Change hanadb_exporter default timeout value to 30 seconds\n\n- Set correct stickiness for the azure-lb resource\n  The azure-lb resource receives an stickiness=0 to not influence on\n  transitions calculations as the HANA resources have more priority\n","id":"SUSE-SU-2023:0010-1","modified":"2023-01-02T10:42:48Z","published":"2023-01-02T10:42:48Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230010-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1185643"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205990"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-45153"}],"related":["CVE-2022-45153"],"summary":"Security update for saphanabootstrap-formula","upstream":["CVE-2022-45153"]}