SUSE-SU-2022:2145-1: important: Security update for SUSE Manager Server 4.1
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jun 21 10:15:56 UTC 2022
SUSE Security Update: Security update for SUSE Manager Server 4.1
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2145-1
Rating: important
References: #1173527 #1182742 #1189501 #1190535 #1191143
#1192850 #1193032 #1193238 #1193707 #1194262
#1194447 #1194594 #1194909 #1195561 #1196067
#1196338 #1196407 #1196702 #1196704 #1197356
#1197429 #1197438 #1197488 #1198221 #1198356
#1198686 #1198914 #1199036 #1199142 #1199149
#1199512 #1199528 #1199577 #1199629 #1199677
#1199888 #1200212 #1200606 SLE-24238 SLE-24239
Cross-References: CVE-2022-21698 CVE-2022-21724 CVE-2022-21952
CVE-2022-26520 CVE-2022-31248
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21724 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-21724 (SUSE): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-26520 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-26520 (SUSE): 6.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Linux Enterprise Module for SUSE Manager Server 4.1
SUSE Manager Server 4.1
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains two
features and has 33 fixes is now available.
Description:
This update fixes the following issues:
golang-github-QubitProducts-exporter_exporter:
- Adapted to build on Enterprise Linux.
- Fix build for RedHat 7
- Require Go >= 1.14 also for CentOS
- Add support for CentOS
- Replace %{?systemd_requires} with %{?systemd_ordering}
golang-github-lusitaniae-apache_exporter:
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang
1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector
#2169
* [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
* Bug fixes Fix processes collector long int parsing #2112
- Update to 1.2.1
* Removed Remove obsolete capture permission denied error patch already
included upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme
collector log noise #2091 Fix rapl collector log noise #2092
- Update to 1.2.0
* Changes Rename filesystem collector flags to match other collectors
#2012 Make node_exporter print usage to STDOUT #203
* Features Add conntrack statistics metrics #1155 Add ethtool stats
collector #1832 Add flag to ignore network speed if it is unknown
#1989 Add tapestats collector for Linux #2044 Add nvme collector #2062
* Enhancements Add ErrorLog plumbing to promhttp #1887 Add more
Infiniband counters #2019 netclass: retrieve interface names and
filter before parsing #2033 Add time zone offset metric #2060 Handle
errors from disabled PSI subsystem #1983 Fix panic when using
backwards compatible flags #2000 Fix wrong value for OpenBSD memory
buffer cache #2015 Only initiate collectors once #2048 Handle small
backwards jumps in CPU idle #2067
- Capture permission denied error for "energy_uj" file (bsc#1190535)
patterns-suse-manager:
- Golang-github-wrouesnel-postgres_exporter was renamed to
prometheus-postgres_exporter
postgresql-jdbc:
- CVE-2022-26520: Address Arbitrary File Write Vulnerability (bsc#1197356)
- CVE-2022-21724: Address unchecked class instantiation when loading
plugins based on class names (bsc#1195561)
prometheus-exporters-formula:
- Version 0.9.5
* Postgres exporter package was renamed for Red Hat
- Version 0.9.4
* Postgres exporter package was renamed for SUSE Linux Enterprise Server
and openSUSE
prometheus-formula:
- Version 0.3.7
* Allow prometheus-formula only for SUSE systems (bsc#1199149)
py27-compat-salt:
- Remove redundant overrides causing confusing DEBUG logging (bsc#1189501)
spacecmd:
- Version 4.1.18-1
* implement system.bootstrap (bsc#1194909)
spacewalk-backend:
- Version 4.1.31-1
* Fix traceback on calling spacewalk-repo-sync --show-packages
(bsc#1193238)
* Fix virt_notify SQL syntax error (bsc#1199528)
* Do not raise error on file:// based DEB repo when looking for
alternative Release files (bsc#1199142)
* Improve parsing deb packages dependencies (bsc#1194594)
* Fix reposync update notice formatting and date parsing (bsc#1194447)
* implement more decompression algorithms for reposync (bsc#1196704)
spacewalk-java:
- Version 4.1.46-1
* Fix changelog to include the reference to CVE-2022-31248
- Version 4.1.45-1
* CVE-2022-31248: User enumeration via weak error message (bsc#1199629)
* CVE-2022-21952: Unauthenticated remote Denial of Service via resource
exhaustion. (bsc#1199512)
* During re-activation, recalculate grains if contact method has been
changed (bsc#1199677)
* autoinstallation: missing whitespace after install URL (bsc#1199888)
* Change system details lock tab name to lock/unlock (bsc#1193032)
* Set profile tag has no-mandatory in XCCDF result (bsc#1194262)
* Added a notification to inform the administrators about the product
end-of-life
* provisioning thought proxy should use proxy for self_update
(bsc#1199036)
* Allow removing duplicated packages names in the same Salt action
(bsc#1198686)
* Fix ACL rules for config diff download for SLS files (bsc#1198914)
* fix invalid link to action schedule
* Redesign the auto errata task to schedule combined actions
(bsc#1197429)
* detect free products in Alpha and Beta stage and prevent checks on
openSUSE products (bsc#1197488)
* Optimize adding new products function (bsc#1193707)
* change directory owner and permissions only when needed
* Fixed broken help link for system overview
* Finding empty profiles by mac address must be case insensitive
(bsc#1196407)
* generate the system ssh key when bootstrapping a salt-ssh client
(bsc#1194909)
spacewalk-setup:
- Version 4.1.11-1
* spacewalk-setup-cobbler assumes /etc/apache2/conf.d now as a default
instead of /etc/httpd/conf.d (bsc#1198356)
spacewalk-utils:
- Version 4.1.20-1
* spacewalk-hostname-rename now correctly replaces the hostname for the
mgr-sync configuration file (bsc#1198356)
* spacewalk-hostname-rename now utilizes the "--apache2-conf-dir" flag
for spacewalk-setup-cobbler (bsc#1198356)
spacewalk-web:
- Version 4.1.34-1
* Update Web UI version to 4.1.15
- Version 4.1.33-1
* Added support for end of life notifications
subscription-matcher:
- Version 0.28
* Support both antlr3-java and antlr3-runtime as dependencies
* Make it obvious that log4j12 is used
susemanager:
- version 4.1.36-1
* Add python3-contextvars and python3-immutables to missing bootstrap
repos (bsc#1200606)
- version 4.1.35-1
* Add python3-gnupg to bootstrap repo definition for Ubuntu 20.04
(bsc#1200212)
- Version 4.1.34-1
* mgr-sync: Raise a proper exception when duplicated lines exist in a
config file (bsc#1182742)
* fix SLE15 bootstrap repo definition (bsc#1197438)
* Add SLES15SP4 and SUMA Proxy 4.3 to bootstrap repo definitions
(bsc#1196702)
* Add missing dependencies for Salt 3004 into bootstrap repository for
SLE15 family (bsc#1198221)
susemanager-doc-indexes:
- The Large deployments Guide now includes a mention of the proxy
(bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now
available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however,
Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed the
golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides clarified that mandatory
channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE
Linux Enterprise Server 11 and 12
- Clarified channel label name in Registering Clients with RHUI section of
the Client Configuration Guide (bsc#1196067)
susemanager-docs_en:
- The Large deployments Guide now includes a mention of the proxy
(bsc#1199577)
- In the Administration Guide, documented that monitoring tools are now
available on SUSE Linux Enterprise 12, 15 and openSUSE Leap 15, however,
Grafana is not available on Proxy (bsc#1191143)
- In the Administration Guide, renamed the
golang-github-wrouesnel-postgres_exporter to prometheus-postgres_exporter
- In the Client Configuration and Retail Guides clarified that mandatory
channels are automatically checked (bsc#1173527)
- In the Client Configuration Guide, marked Yomi as unsupported on SUSE
Linux Enterprise Server 11 and 12
- Clarified channel label name in Registering Clients with RHUI section of
the Client Configuration Guide (bsc#1196067)
susemanager-schema:
- Version 4.1.26-1
* add schema update directory from 4.1.25 to 4.1.26
susemanager-sls:
- version 4.1.36-1
* Prevent possible tracebacks on calling module.run from mgrcompat by
setting proper globals with using LazyLoader
- Version 4.1.35-1
* Add support to packages.pkgremove to deal with duplicated pkg names
(bsc#1198686)
* Fix bootstrap repository path resolution for Oracle Linux
* Fix deprecated warning when getting pillar data (bsc#1192850)
* fixing how the return code is returned in mgrutil runner (bsc#1194909)
How to apply this update:
1. Log in as root user to the SUSE Manager server. 2. Stop the Spacewalk
service: `spacewalk-service stop` 3. Apply the patch using either zypper
patch or YaST Online Update. 4. Start the Spacewalk service:
`spacewalk-service start`
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1:
zypper in -t patch SUSE-SLE-Module-SUSE-Manager-Server-4.1-2022-2145=1
Package List:
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (ppc64le s390x x86_64):
golang-github-QubitProducts-exporter_exporter-0.4.0-150200.6.12.2
golang-github-lusitaniae-apache_exporter-0.7.0-150200.2.6.2
golang-github-lusitaniae-apache_exporter-debuginfo-0.7.0-150200.2.6.2
golang-github-prometheus-node_exporter-1.3.0-150200.3.9.3
patterns-suma_retail-4.1-150200.6.12.2
patterns-suma_server-4.1-150200.6.12.2
susemanager-4.1.36-150200.3.52.1
susemanager-tools-4.1.36-150200.3.52.1
- SUSE Linux Enterprise Module for SUSE Manager Server 4.1 (noarch):
postgresql-jdbc-42.2.10-150200.3.8.2
prometheus-exporters-formula-0.9.5-150200.3.31.2
prometheus-formula-0.3.7-150200.3.21.2
py27-compat-salt-3000.3-150200.6.24.2
spacecmd-4.1.18-150200.4.39.3
spacewalk-backend-4.1.31-150200.4.50.4
spacewalk-backend-app-4.1.31-150200.4.50.4
spacewalk-backend-applet-4.1.31-150200.4.50.4
spacewalk-backend-config-files-4.1.31-150200.4.50.4
spacewalk-backend-config-files-common-4.1.31-150200.4.50.4
spacewalk-backend-config-files-tool-4.1.31-150200.4.50.4
spacewalk-backend-iss-4.1.31-150200.4.50.4
spacewalk-backend-iss-export-4.1.31-150200.4.50.4
spacewalk-backend-package-push-server-4.1.31-150200.4.50.4
spacewalk-backend-server-4.1.31-150200.4.50.4
spacewalk-backend-sql-4.1.31-150200.4.50.4
spacewalk-backend-sql-postgresql-4.1.31-150200.4.50.4
spacewalk-backend-tools-4.1.31-150200.4.50.4
spacewalk-backend-xml-export-libs-4.1.31-150200.4.50.4
spacewalk-backend-xmlrpc-4.1.31-150200.4.50.4
spacewalk-base-4.1.34-150200.3.47.6
spacewalk-base-minimal-4.1.34-150200.3.47.6
spacewalk-base-minimal-config-4.1.34-150200.3.47.6
spacewalk-html-4.1.34-150200.3.47.6
spacewalk-java-4.1.46-150200.3.71.5
spacewalk-java-config-4.1.46-150200.3.71.5
spacewalk-java-lib-4.1.46-150200.3.71.5
spacewalk-java-postgresql-4.1.46-150200.3.71.5
spacewalk-setup-4.1.11-150200.3.18.2
spacewalk-taskomatic-4.1.46-150200.3.71.5
spacewalk-utils-4.1.20-150200.3.30.2
spacewalk-utils-extras-4.1.20-150200.3.30.2
subscription-matcher-0.28-150200.3.15.2
susemanager-doc-indexes-4.1-150200.11.55.4
susemanager-docs_en-4.1-150200.11.55.2
susemanager-docs_en-pdf-4.1-150200.11.55.2
susemanager-schema-4.1.26-150200.3.45.4
susemanager-sls-4.1.36-150200.3.64.2
susemanager-web-libs-4.1.34-150200.3.47.6
uyuni-config-modules-4.1.36-150200.3.64.2
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-21724.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-26520.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1173527
https://bugzilla.suse.com/1182742
https://bugzilla.suse.com/1189501
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192850
https://bugzilla.suse.com/1193032
https://bugzilla.suse.com/1193238
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194262
https://bugzilla.suse.com/1194447
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1194909
https://bugzilla.suse.com/1195561
https://bugzilla.suse.com/1196067
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1196407
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1196704
https://bugzilla.suse.com/1197356
https://bugzilla.suse.com/1197429
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1198221
https://bugzilla.suse.com/1198356
https://bugzilla.suse.com/1198686
https://bugzilla.suse.com/1198914
https://bugzilla.suse.com/1199036
https://bugzilla.suse.com/1199142
https://bugzilla.suse.com/1199149
https://bugzilla.suse.com/1199512
https://bugzilla.suse.com/1199528
https://bugzilla.suse.com/1199577
https://bugzilla.suse.com/1199629
https://bugzilla.suse.com/1199677
https://bugzilla.suse.com/1199888
https://bugzilla.suse.com/1200212
https://bugzilla.suse.com/1200606
More information about the sle-security-updates
mailing list