# Maintenance update for SUSE Manager 4.3.9 Release Notes Announcement ID: SUSE-SU-2023:4412-1 Rating: moderate References: * bsc#1204270 * bsc#1211047 * bsc#1211145 * bsc#1211270 * bsc#1211912 * bsc#1212168 * bsc#1212507 * bsc#1213132 * bsc#1213376 * bsc#1213469 * bsc#1213680 * bsc#1213689 * bsc#1214041 * bsc#1214121 * bsc#1214463 * bsc#1214553 * bsc#1214746 * bsc#1215027 * bsc#1215120 * bsc#1215157 * bsc#1215412 * bsc#1215514 * bsc#1216411 * bsc#1216661 * jsc#MSQA-706 * jsc#SUMA-111 Cross-References: * CVE-2023-34049 CVSS scores: Affected Products: * openSUSE Leap 15.4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 An update that solves one vulnerability, contains two features and has 23 security fixes can now be installed. ## Recommended update for SUSE Manager Proxy and Retail Branch Server 4.3 ### Description: This update fixes the following issues: release-notes-susemanager-proxy: * Update to SUSE Manager 4.3.9 * Bugs mentioned bsc#1212507, bsc#1216411 ## Security update for SUSE Manager Server 4.3 ### Description: This update fixes the following issues: * Update to SUSE Manager 4.3.9 * Debian 12 support as client * New Update Notification (jsc#SUMA-111) * Monitoring: Grafana upgraded to 9.5.8 * Update 'saltkey' endpoints to accept GET instead of POST * CVEs fixed: CVE-2023-34049 * Bugs mentioned: bsc#1204270, bsc#1211047, bsc#1211145, bsc#1211270, bsc#1211912 bsc#1212168, bsc#1212507, bsc#1213132, bsc#1213376, bsc#1213469 bsc#1213680, bsc#1213689, bsc#1214041, bsc#1214121, bsc#1214463 bsc#1214553, bsc#1214746, bsc#1215027, bsc#1215120, bsc#1215412 bsc#1215514, bsc#1216661, bsc#1215157 ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.4 zypper in -t patch SUSE-2023-4412=1 * SUSE Manager Proxy 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.3-2023-4412=1 * SUSE Manager Retail Branch Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch- Server-4.3-2023-4412=1 * SUSE Manager Server 4.3 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.3-2023-4412=1 ## Package List: * openSUSE Leap 15.4 (noarch) * release-notes-susemanager-4.3.9-150400.3.90.1 * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Proxy 4.3 (noarch) * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Retail Branch Server 4.3 (noarch) * release-notes-susemanager-proxy-4.3.9-150400.3.69.1 * SUSE Manager Server 4.3 (noarch) * release-notes-susemanager-4.3.9-150400.3.90.1 ## References: * https://www.suse.com/security/cve/CVE-2023-34049.html * https://bugzilla.suse.com/show_bug.cgi?id=1204270 * https://bugzilla.suse.com/show_bug.cgi?id=1211047 * https://bugzilla.suse.com/show_bug.cgi?id=1211145 * https://bugzilla.suse.com/show_bug.cgi?id=1211270 * https://bugzilla.suse.com/show_bug.cgi?id=1211912 * https://bugzilla.suse.com/show_bug.cgi?id=1212168 * https://bugzilla.suse.com/show_bug.cgi?id=1212507 * https://bugzilla.suse.com/show_bug.cgi?id=1213132 * https://bugzilla.suse.com/show_bug.cgi?id=1213376 * https://bugzilla.suse.com/show_bug.cgi?id=1213469 * https://bugzilla.suse.com/show_bug.cgi?id=1213680 * https://bugzilla.suse.com/show_bug.cgi?id=1213689 * https://bugzilla.suse.com/show_bug.cgi?id=1214041 * https://bugzilla.suse.com/show_bug.cgi?id=1214121 * https://bugzilla.suse.com/show_bug.cgi?id=1214463 * https://bugzilla.suse.com/show_bug.cgi?id=1214553 * https://bugzilla.suse.com/show_bug.cgi?id=1214746 * https://bugzilla.suse.com/show_bug.cgi?id=1215027 * https://bugzilla.suse.com/show_bug.cgi?id=1215120 * https://bugzilla.suse.com/show_bug.cgi?id=1215157 * https://bugzilla.suse.com/show_bug.cgi?id=1215412 * https://bugzilla.suse.com/show_bug.cgi?id=1215514 * https://bugzilla.suse.com/show_bug.cgi?id=1216411 * https://bugzilla.suse.com/show_bug.cgi?id=1216661 * https://jira.suse.com/browse/MSQA-706 * https://jira.suse.com/browse/SUMA-111