Security update for terraform SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2021:0263-1 Final 1 1 2021-02-01T14:01:06Z current 2021-02-01T14:01:06Z 2021-02-01T14:01:06Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for terraform This update for terraform fixes the following issues: - Updated terraform to version 0.13.4 (bsc#1177421) * Many features, bug fixes, and enhancements were made during this update. Please refer to the terraform rpm changelog, for a full list of all changes. - The following terraform providers were updated: * terraform-provider-aws * terraform-provider-azurerm * terraform-provider-external * terraform-provider-google * terraform-provider-helm * terraform-provider-kubernetes * terraform-provider-local * terraform-provider-null * terraform-provider-random * terraform-provider-tls The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2021-263,SUSE-SLE-Module-Public-Cloud-15-SP2-2021-263 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2021/suse-su-20210263-1/ Link for SUSE-SU-2021:0263-1 https://lists.suse.com/pipermail/sle-security-updates/2021-February/008259.html E-Mail link for SUSE-SU-2021:0263-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1168921 SUSE Bug 1168921 https://bugzilla.suse.com/1170264 SUSE Bug 1170264 https://bugzilla.suse.com/1177421 SUSE Bug 1177421 https://www.suse.com/security/cve/CVE-2020-14039/ SUSE CVE CVE-2020-14039 page SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-0.13.4-6.3.1 terraform-provider-aws-3.11.0-6.3.1 terraform-provider-azurerm-2.32.0-6.3.1 terraform-provider-external-2.0.0-6.3.1 terraform-provider-google-3.43.0-6.3.1 terraform-provider-helm-1.3.2-6.3.1 terraform-provider-kubernetes-1.13.2-6.3.1 terraform-provider-local-2.0.0-6.3.1 terraform-provider-null-3.0.0-6.3.1 terraform-provider-random-3.0.0-6.3.1 terraform-provider-tls-3.0.0-5.3.2 terraform-0.13.4-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-aws-3.11.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-azurerm-2.32.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-external-2.0.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-google-3.43.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-helm-1.3.2-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-kubernetes-1.13.2-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-local-2.0.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-null-3.0.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-random-3.0.0-6.3.1 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 terraform-provider-tls-3.0.0-5.3.2 as a component of SUSE Linux Enterprise Module for Public Cloud 15 SP2 In Go before 1.13.13 and 1.14.x before 1.14.5, Certificate.Verify may lack a check on the VerifyOptions.KeyUsages EKU requirements (if VerifyOptions.Roots equals nil and the installation is on Windows). Thus, X.509 certificate verification is incomplete. CVE-2020-14039 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-0.13.4-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-aws-3.11.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-azurerm-2.32.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-external-2.0.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-google-3.43.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-helm-1.3.2-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-kubernetes-1.13.2-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-local-2.0.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-null-3.0.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-random-3.0.0-6.3.1 SUSE Linux Enterprise Module for Public Cloud 15 SP2:terraform-provider-tls-3.0.0-5.3.2 moderate 5 AV:N/AC:L/Au:N/C:N/I:P/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2021/suse-su-20210263-1/ https://www.suse.com/security/cve/CVE-2020-14039.html CVE-2020-14039 https://bugzilla.suse.com/1174191 SUSE Bug 1174191