SUSE-SU-2024:4007-1: critical: Maintenance update for SUSE Manager 4.3 Release Notes

18 Nov 2024

      # Maintenance update for SUSE Manager 4.3 Release Notes

Announcement ID: SUSE-SU-2024:4007-1  
Release Date: 2024-11-18T13:20:16Z  
Rating: critical  
References:

  * bsc#1146701
  * bsc#1211899
  * bsc#1212985
  * bsc#1217003
  * bsc#1217338
  * bsc#1217978
  * bsc#1218090
  * bsc#1219450
  * bsc#1219645
  * bsc#1219887
  * bsc#1221435
  * bsc#1221505
  * bsc#1223312
  * bsc#1223988
  * bsc#1224108
  * bsc#1224209
  * bsc#1225603
  * bsc#1225619
  * bsc#1225960
  * bsc#1226090
  * bsc#1226439
  * bsc#1226461
  * bsc#1226478
  * bsc#1226687
  * bsc#1226917
  * bsc#1227133
  * bsc#1227334
  * bsc#1227406
  * bsc#1227526
  * bsc#1227543
  * bsc#1227599
  * bsc#1227606
  * bsc#1227746
  * bsc#1228036
  * bsc#1228101
  * bsc#1228130
  * bsc#1228147
  * bsc#1228286
  * bsc#1228326
  * bsc#1228345
  * bsc#1228412
  * bsc#1228545
  * bsc#1228638
  * bsc#1228851
  * bsc#1228945
  * bsc#1229079
  * bsc#1229178
  * bsc#1229260
  * bsc#1229339
  * bsc#1231332
  * bsc#1231852
  * bsc#1231900
  * bsc#1231922
  * jsc#MSQA-863

Cross-References:

  * CVE-2024-47533
  * CVE-2024-49502
  * CVE-2024-49503

CVSS scores:

  * CVE-2024-47533 ( SUSE ):  9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  * CVE-2024-49502 ( SUSE ):  4.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-49502 ( SUSE ):  3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N
  * CVE-2024-49503 ( SUSE ):  4.6
    CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
  * CVE-2024-49503 ( SUSE ):  3.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:N

Affected Products:

  * openSUSE Leap 15.4
  * SUSE Manager Proxy 4.3
  * SUSE Manager Retail Branch Server 4.3
  * SUSE Manager Server 4.3

An update that solves three vulnerabilities, contains one feature and has 50
security fixes can now be installed.

## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager-proxy:

  * Update to SUSE Manager 4.3.14
  * Bugs mentioned: bsc#1217003, bsc#1221505, bsc#1225619, bsc#1225960,
    bsc#1226917 bsc#1227606, bsc#1228036, bsc#1228345, bsc#1228851, bsc#1229079
    bsc#1229260, bsc#1229339

## Security update for SUSE Manager Server 4.3

### Description:

This update fixes the following issues:

release-notes-susemanager:

  * Update to SUSE Manager 4.3.14
  * Ubuntu 24.04 support as client
  * Product migration from RHEL and Clones to SUSE Liberty Linux
  * POS image templates now produce compressed images
  * Date format for API endpoints has been changed to ISO-8601 format
  * Security issues fixed: CVE-2024-47533, CVE-2024-49502, CVE-2024-49503
  * Bugs mentioned: bsc#1146701, bsc#1211899, bsc#1212985, bsc#1217003,
    bsc#1217338 bsc#1217978, bsc#1218090, bsc#1219450, bsc#1219645, bsc#1219887
    bsc#1221435, bsc#1221505, bsc#1223312, bsc#1223988, bsc#1224108 bsc#1224209,
    bsc#1225603, bsc#1225619, bsc#1225960, bsc#1226090 bsc#1226439, bsc#1226461,
    bsc#1226478, bsc#1226687, bsc#1226917 bsc#1227133, bsc#1227334, bsc#1227406,
    bsc#1227526, bsc#1227543 bsc#1227599, bsc#1227606, bsc#1227746, bsc#1228036,
    bsc#1228101 bsc#1228130, bsc#1228147, bsc#1228286, bsc#1228326, bsc#1228345
    bsc#1228412, bsc#1228545, bsc#1228638, bsc#1228851, bsc#1228945 bsc#1229079,
    bsc#1229178, bsc#1229260, bsc#1229339, bsc#1231332 bsc#1231852, bsc#1231922,
    bsc#1231900

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * openSUSE Leap 15.4  
    zypper in -t patch SUSE-2024-4007=1

  * SUSE Manager Proxy 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2024-4007=1

  * SUSE Manager Retail Branch Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-
Server-4.3-2024-4007=1

  * SUSE Manager Server 4.3  
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2024-4007=1

## Package List:

  * openSUSE Leap 15.4 (noarch)
    * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
    * release-notes-susemanager-4.3.14-150400.3.122.1
  * SUSE Manager Proxy 4.3 (noarch)
    * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
  * SUSE Manager Retail Branch Server 4.3 (noarch)
    * release-notes-susemanager-proxy-4.3.14-150400.3.90.1
  * SUSE Manager Server 4.3 (noarch)
    * release-notes-susemanager-4.3.14-150400.3.122.1

## References:

  * https://www.suse.com/security/cve/CVE-2024-47533.html
  * https://www.suse.com/security/cve/CVE-2024-49502.html
  * https://www.suse.com/security/cve/CVE-2024-49503.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1146701
  * https://bugzilla.suse.com/show_bug.cgi?id=1211899
  * https://bugzilla.suse.com/show_bug.cgi?id=1212985
  * https://bugzilla.suse.com/show_bug.cgi?id=1217003
  * https://bugzilla.suse.com/show_bug.cgi?id=1217338
  * https://bugzilla.suse.com/show_bug.cgi?id=1217978
  * https://bugzilla.suse.com/show_bug.cgi?id=1218090
  * https://bugzilla.suse.com/show_bug.cgi?id=1219450
  * https://bugzilla.suse.com/show_bug.cgi?id=1219645
  * https://bugzilla.suse.com/show_bug.cgi?id=1219887
  * https://bugzilla.suse.com/show_bug.cgi?id=1221435
  * https://bugzilla.suse.com/show_bug.cgi?id=1221505
  * https://bugzilla.suse.com/show_bug.cgi?id=1223312
  * https://bugzilla.suse.com/show_bug.cgi?id=1223988
  * https://bugzilla.suse.com/show_bug.cgi?id=1224108
  * https://bugzilla.suse.com/show_bug.cgi?id=1224209
  * https://bugzilla.suse.com/show_bug.cgi?id=1225603
  * https://bugzilla.suse.com/show_bug.cgi?id=1225619
  * https://bugzilla.suse.com/show_bug.cgi?id=1225960
  * https://bugzilla.suse.com/show_bug.cgi?id=1226090
  * https://bugzilla.suse.com/show_bug.cgi?id=1226439
  * https://bugzilla.suse.com/show_bug.cgi?id=1226461
  * https://bugzilla.suse.com/show_bug.cgi?id=1226478
  * https://bugzilla.suse.com/show_bug.cgi?id=1226687
  * https://bugzilla.suse.com/show_bug.cgi?id=1226917
  * https://bugzilla.suse.com/show_bug.cgi?id=1227133
  * https://bugzilla.suse.com/show_bug.cgi?id=1227334
  * https://bugzilla.suse.com/show_bug.cgi?id=1227406
  * https://bugzilla.suse.com/show_bug.cgi?id=1227526
  * https://bugzilla.suse.com/show_bug.cgi?id=1227543
  * https://bugzilla.suse.com/show_bug.cgi?id=1227599
  * https://bugzilla.suse.com/show_bug.cgi?id=1227606
  * https://bugzilla.suse.com/show_bug.cgi?id=1227746
  * https://bugzilla.suse.com/show_bug.cgi?id=1228036
  * https://bugzilla.suse.com/show_bug.cgi?id=1228101
  * https://bugzilla.suse.com/show_bug.cgi?id=1228130
  * https://bugzilla.suse.com/show_bug.cgi?id=1228147
  * https://bugzilla.suse.com/show_bug.cgi?id=1228286
  * https://bugzilla.suse.com/show_bug.cgi?id=1228326
  * https://bugzilla.suse.com/show_bug.cgi?id=1228345
  * https://bugzilla.suse.com/show_bug.cgi?id=1228412
  * https://bugzilla.suse.com/show_bug.cgi?id=1228545
  * https://bugzilla.suse.com/show_bug.cgi?id=1228638
  * https://bugzilla.suse.com/show_bug.cgi?id=1228851
  * https://bugzilla.suse.com/show_bug.cgi?id=1228945
  * https://bugzilla.suse.com/show_bug.cgi?id=1229079
  * https://bugzilla.suse.com/show_bug.cgi?id=1229178
  * https://bugzilla.suse.com/show_bug.cgi?id=1229260
  * https://bugzilla.suse.com/show_bug.cgi?id=1229339
  * https://bugzilla.suse.com/show_bug.cgi?id=1231332
  * https://bugzilla.suse.com/show_bug.cgi?id=1231852
  * https://bugzilla.suse.com/show_bug.cgi?id=1231900
  * https://bugzilla.suse.com/show_bug.cgi?id=1231922
  * https://jira.suse.com/browse/MSQA-863

OPENSUSE-SECURITY-UPDATES

tags

participants (1)