SUSE-SU-2022:2146-1: important: Security update for release-notes-susemanager, release-notes-susemanager-proxy
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Jun 21 10:25:18 UTC 2022
SUSE Security Update: Security update for release-notes-susemanager, release-notes-susemanager-proxy
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:2146-1
Rating: important
References: #1187333 #1191143 #1192550 #1193707 #1194594
#1195710 #1196702 #1197400 #1197438 #1197449
#1197488 #1197591 #1197689 #1198221
Cross-References: CVE-2021-44906 CVE-2022-21952 CVE-2022-31248
CVSS scores:
CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVE-2022-31248 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected Products:
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
______________________________________________________________________________
An update that solves three vulnerabilities and has 11
fixes is now available.
Description:
This update for release-notes-susemanager, release-notes-susemanager-proxy
fixes the following issues:
Release notes for SUSE Manager:
- Update to 4.2.7
* Salt has been upgraded to 3004 version
* Enabled salt bundle as optional
* Debian 11 client support has been added
* Alertmanager has been upgraded to 0.23.0
* Node exporter has been upgraded 1.3.0
* CVEs fixed: CVE-2021-44906, CVE-2022-21952, CVE-2022-31248
* Bugs mentioned: bsc#1187333, bsc#1191143, bsc#1192550, bsc#1193707,
bsc#1194594 bsc#1195710, bsc#1196702, bsc#1197400, bsc#1197438,
bsc#1197449 bsc#1197488, bsc#1197591, bsc#1197689, bsc#1198221
Release notes for SUSE Manager proxy:
- Update to 4.2.7
* Salt has been upgraded to 3004 version
* Bugs mentioned: bsc#1187333, bsc#1194594, bsc#1195710, bsc#1197689
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2022-2146=1
- SUSE Manager Retail Branch Server 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.2-2022-2146=1
- SUSE Manager Proxy 4.2:
zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.2-2022-2146=1
Package List:
- SUSE Manager Server 4.2 (ppc64le s390x x86_64):
release-notes-susemanager-4.2.7-150300.3.44.1
- SUSE Manager Retail Branch Server 4.2 (x86_64):
release-notes-susemanager-proxy-4.2.7-150300.3.31.2
- SUSE Manager Proxy 4.2 (x86_64):
release-notes-susemanager-proxy-4.2.7-150300.3.31.2
References:
https://www.suse.com/security/cve/CVE-2021-44906.html
https://www.suse.com/security/cve/CVE-2022-21952.html
https://www.suse.com/security/cve/CVE-2022-31248.html
https://bugzilla.suse.com/1187333
https://bugzilla.suse.com/1191143
https://bugzilla.suse.com/1192550
https://bugzilla.suse.com/1193707
https://bugzilla.suse.com/1194594
https://bugzilla.suse.com/1195710
https://bugzilla.suse.com/1196702
https://bugzilla.suse.com/1197400
https://bugzilla.suse.com/1197438
https://bugzilla.suse.com/1197449
https://bugzilla.suse.com/1197488
https://bugzilla.suse.com/1197591
https://bugzilla.suse.com/1197689
https://bugzilla.suse.com/1198221
More information about the sle-security-updates
mailing list