Security update for SUSE Manager Server 4.2

Announcement ID:	SUSE-SU-2023:2594-1
Rating:	important
References:	bsc#1179747 bsc#1186011 bsc#1203599 bsc#1205600 bsc#1206423 bsc#1207550 bsc#1207814 bsc#1207941 bsc#1208046 bsc#1208984 bsc#1209220 bsc#1209231 bsc#1209277 bsc#1209386 bsc#1209434 bsc#1209508 bsc#1209877 bsc#1209915 bsc#1209926 bsc#1210011 bsc#1210086 bsc#1210101 bsc#1210107 bsc#1210154 bsc#1210162 bsc#1210232 bsc#1210311 bsc#1210406 bsc#1210437 bsc#1210458 bsc#1210659 bsc#1210835 bsc#1210957 bsc#1211330 bsc#1212096 bsc#1212363 bsc#1212517 jsc#MSQA-674
Cross-References:	CVE-2022-46146 CVE-2023-22644
CVSS scores:	CVE-2022-46146 ( SUSE ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2022-46146 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVE-2023-22644 ( NVD ): 3.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Affected Products:	openSUSE Leap 15.3 SUSE Manager Proxy 4.2 SUSE Manager Retail Branch Server 4.2 SUSE Manager Server 4.2

An update that solves two vulnerabilities, contains one feature and has 35 security fixes can now be installed.

Recommended update for SUSE Manager Proxy and Retail Branch Server 4.2

Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

• Update to 4.2.13
• Bugs mentioned: bsc#1179747, bsc#1207814, bsc#1209231, bsc#1210437, bsc#1210458

Security update for SUSE Manager Server 4.2

Description:

This update fixes the following issues:

release-notes-susemanager:

• Update to 4.2.13
• Salt has been upgraded to 3006.0
• SUSE Linux Enterprise Server 15 SP5 Family support has been added
• openSUSE Leap 15.5 support has been added
• Automatic migration from Salt 3000 to Salt bundle
• Grafana upgraded to 9.5.1
• Node exporter upgraded to 1.5.0
• Prometheus upgraded to 2.37.6
• Postgres exporter upgraded to 0.10.1
• CVEs fixed: CVE-2023-22644, CVE-2022-46146
• Bugs mentioned: bsc#1179747, bsc#1186011, bsc#1203599, bsc#1205600, bsc#1206423 bsc#1207550, bsc#1207814, bsc#1207941, bsc#1208984, bsc#1209220 bsc#1209231, bsc#1209277, bsc#1209386, bsc#1209434, bsc#1209508 bsc#1209877, bsc#1209915, bsc#1209926, bsc#1210011, bsc#1210086 bsc#1210101, bsc#1210107, bsc#1210154, bsc#1210162, bsc#1210232 bsc#1210311, bsc#1210406, bsc#1210437, bsc#1210458, bsc#1210659 bsc#1210835, bsc#1210957, bsc#1211330, bsc#1208046, bsc#1212517 bsc#1212096

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Manager Retail Branch Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2023-2594=1
• SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-2594=1
• openSUSE Leap 15.3
  zypper in -t patch SUSE-2023-2594=1
• SUSE Manager Proxy 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2023-2594=1

Package List:

• SUSE Manager Retail Branch Server 4.2 (noarch)
  • release-notes-susemanager-proxy-4.2.13-150300.3.64.2
• SUSE Manager Server 4.2 (noarch)
  • release-notes-susemanager-4.2.13-150300.3.81.1
• openSUSE Leap 15.3 (noarch)
  • release-notes-susemanager-4.2.13-150300.3.81.1
  • release-notes-susemanager-proxy-4.2.13-150300.3.64.2
• SUSE Manager Proxy 4.2 (noarch)
  • release-notes-susemanager-proxy-4.2.13-150300.3.64.2

References:

• https://www.suse.com/security/cve/CVE-2022-46146.html
• https://www.suse.com/security/cve/CVE-2023-22644.html
• https://bugzilla.suse.com/show_bug.cgi?id=1179747
• https://bugzilla.suse.com/show_bug.cgi?id=1186011
• https://bugzilla.suse.com/show_bug.cgi?id=1203599
• https://bugzilla.suse.com/show_bug.cgi?id=1205600
• https://bugzilla.suse.com/show_bug.cgi?id=1206423
• https://bugzilla.suse.com/show_bug.cgi?id=1207550
• https://bugzilla.suse.com/show_bug.cgi?id=1207814
• https://bugzilla.suse.com/show_bug.cgi?id=1207941
• https://bugzilla.suse.com/show_bug.cgi?id=1208046
• https://bugzilla.suse.com/show_bug.cgi?id=1208984
• https://bugzilla.suse.com/show_bug.cgi?id=1209220
• https://bugzilla.suse.com/show_bug.cgi?id=1209231
• https://bugzilla.suse.com/show_bug.cgi?id=1209277
• https://bugzilla.suse.com/show_bug.cgi?id=1209386
• https://bugzilla.suse.com/show_bug.cgi?id=1209434
• https://bugzilla.suse.com/show_bug.cgi?id=1209508
• https://bugzilla.suse.com/show_bug.cgi?id=1209877
• https://bugzilla.suse.com/show_bug.cgi?id=1209915
• https://bugzilla.suse.com/show_bug.cgi?id=1209926
• https://bugzilla.suse.com/show_bug.cgi?id=1210011
• https://bugzilla.suse.com/show_bug.cgi?id=1210086
• https://bugzilla.suse.com/show_bug.cgi?id=1210101
• https://bugzilla.suse.com/show_bug.cgi?id=1210107
• https://bugzilla.suse.com/show_bug.cgi?id=1210154
• https://bugzilla.suse.com/show_bug.cgi?id=1210162
• https://bugzilla.suse.com/show_bug.cgi?id=1210232
• https://bugzilla.suse.com/show_bug.cgi?id=1210311
• https://bugzilla.suse.com/show_bug.cgi?id=1210406
• https://bugzilla.suse.com/show_bug.cgi?id=1210437
• https://bugzilla.suse.com/show_bug.cgi?id=1210458
• https://bugzilla.suse.com/show_bug.cgi?id=1210659
• https://bugzilla.suse.com/show_bug.cgi?id=1210835
• https://bugzilla.suse.com/show_bug.cgi?id=1210957
• https://bugzilla.suse.com/show_bug.cgi?id=1211330
• https://bugzilla.suse.com/show_bug.cgi?id=1212096
• https://bugzilla.suse.com/show_bug.cgi?id=1212363
• https://bugzilla.suse.com/show_bug.cgi?id=1212517
• https://jira.suse.com/browse/MSQA-674