SUSE-SU-2023:0353-1: moderate: Security update for SUSE Manager Client Tools
SUSE Security Update: Security update for SUSE Manager Client Tools ______________________________________________________________________________ Announcement ID: SUSE-SU-2023:0353-1 Rating: moderate References: #1172110 #1204032 #1204126 #1204302 #1204303 #1204304 #1204305 #1205207 #1205225 #1205227 #1205599 #1206470 PED-2617 Cross-References: CVE-2022-31123 CVE-2022-31130 CVE-2022-39201 CVE-2022-39229 CVE-2022-39306 CVE-2022-39307 CVSS scores: CVE-2022-31123 (NVD) : 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2022-31123 (SUSE): 4 CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:L CVE-2022-31130 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-31130 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39201 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-39201 (SUSE): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N CVE-2022-39229 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39229 (SUSE): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVE-2022-39306 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N CVE-2022-39306 (SUSE): 6.4 CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N CVE-2022-39307 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2022-39307 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Affected Products: SUSE Manager Tools 15 SUSE Manager Tools for SLE Micro 5 openSUSE Leap 15.4 ______________________________________________________________________________ An update that solves 6 vulnerabilities, contains one feature and has 6 fixes is now available. Description: This update fixes the following issues: dracut-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) * Copy existing wicked config instead of generating new (bsc#1205599) grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of "Containerized Proxy configuration" 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2023-353=1 - SUSE Manager Tools for SLE Micro 5: zypper in -t patch SUSE-SLE-Manager-Tools-For-Micro-5-2023-353=1 - SUSE Manager Tools 15: zypper in -t patch SUSE-SLE-Manager-Tools-15-2023-353=1 Package List: - openSUSE Leap 15.4 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 spacecmd-4.3.18-150000.3.92.1 - SUSE Manager Tools for SLE Micro 5 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 - SUSE Manager Tools 15 (aarch64 ppc64le s390x x86_64): grafana-8.5.15-150000.1.39.1 grafana-debuginfo-8.5.15-150000.1.39.1 python3-uyuni-common-libs-4.3.7-150000.1.30.1 - SUSE Manager Tools 15 (noarch): dracut-saltboot-0.1.1673279145.e7616bd-150000.1.44.1 mgr-osad-4.3.7-150000.1.42.1 mgr-push-4.3.5-150000.1.24.2 python3-mgr-osa-common-4.3.7-150000.1.42.1 python3-mgr-osad-4.3.7-150000.1.42.1 python3-mgr-push-4.3.5-150000.1.24.2 python3-rhnlib-4.3.5-150000.3.40.1 python3-spacewalk-check-4.3.14-150000.3.74.1 python3-spacewalk-client-setup-4.3.14-150000.3.74.1 python3-spacewalk-client-tools-4.3.14-150000.3.74.1 spacecmd-4.3.18-150000.3.92.1 spacewalk-check-4.3.14-150000.3.74.1 spacewalk-client-setup-4.3.14-150000.3.74.1 spacewalk-client-tools-4.3.14-150000.3.74.1 References: https://www.suse.com/security/cve/CVE-2022-31123.html https://www.suse.com/security/cve/CVE-2022-31130.html https://www.suse.com/security/cve/CVE-2022-39201.html https://www.suse.com/security/cve/CVE-2022-39229.html https://www.suse.com/security/cve/CVE-2022-39306.html https://www.suse.com/security/cve/CVE-2022-39307.html https://bugzilla.suse.com/1172110 https://bugzilla.suse.com/1204032 https://bugzilla.suse.com/1204126 https://bugzilla.suse.com/1204302 https://bugzilla.suse.com/1204303 https://bugzilla.suse.com/1204304 https://bugzilla.suse.com/1204305 https://bugzilla.suse.com/1205207 https://bugzilla.suse.com/1205225 https://bugzilla.suse.com/1205227 https://bugzilla.suse.com/1205599 https://bugzilla.suse.com/1206470
participants (1)
-
opensuse-security@opensuse.org