SUSE-SU-2022:3747-1: moderate: Security update for SUSE Manager Client Tools
sle-security-updates at lists.suse.com
Wed Oct 26 14:06:43 UTC 2022
SUSE Security Update: Security update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:3747-1
Rating: moderate
References: #1196338 #1198903 #1200725 #1201535 #1201539 SLE-23422 SLE-23439 SLE-24243 SLE-24565 SLE-24791 SUMA-114
Cross-References: CVE-2022-21698 CVE-2022-31097 CVE-2022-31107
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-31097 (NVD) : 5.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-31097 (SUSE): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
CVE-2022-31107 (NVD) : 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-31107 (SUSE): 7.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
Affected Products:
SUSE Linux Enterprise Server 12-SP3-BCL
SUSE Linux Enterprise Server 12-SP4-LTSS
SUSE Linux Enterprise Server 12-SP5
SUSE Linux Enterprise Server for SAP 12-SP4
SUSE Manager Tools 12
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 9
______________________________________________________________________________
An update that solves three vulnerabilities, contains 6 features and has two fixes is now available.
Description:
This update fixes the following issues:
golang-github-lusitaniae-apache_exporter:
- Update to upstream release 0.11.0 (jsc#SLE-24791)
* Add TLS support
* Switch to logger, please check --log.level and --log.format flags
- Update to version 0.10.1
* Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
- Update to version 0.10.0
* Add Apache Proxy and other metrics
- Update to version 0.8.0
* Change commandline flags
* Add metrics: Apache version, request duration total
- Adapted to build on Enterprise Linux 8
- Require building with Go 1.15
- Add %license macro for LICENSE file
golang-github-prometheus-alertmanager:
- Do not include sources (bsc#1200725)
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter. (bsc#1196338, jsc#SLE-24243, jsc#SUMA-114)
grafana:
- Update to version 8.3.10
+ Security:
* CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
* CVE-2022-31107: OAuth account takeover vulnerability (bsc#1201539)
- Update to version 8.3.9
+ Bug fixes:
* Geomap: Display legend
* Prometheus: Fix timestamp truncation
- Update to version 8.3.7
+ Bug fix:
* Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
- Update to version 8.3.6
+ Features and enhancements:
* Cloud Monitoring: Reduce request size when listing labels.
* Explore: Show scalar data result in a table instead of graph.
* Snapshots: Updates the default external snapshot server URL.
* Table: Makes footer not overlap table content.
* Tempo: Add request histogram to service graph datalink.
* Tempo: Add time range to tempo search query behind a feature flag.
* Tempo: Auto-clear results when changing query type.
* Tempo: Display start time in search results as relative time.
* CloudMonitoring: Fix resource labels in query editor.
* Cursor sync: Apply the settings without saving the dashboard.
* LibraryPanels: Fix for Error while cleaning library panels.
* Logs Panel: Fix timestamp parsing for string dates without timezone.
* Prometheus: Fix some of the alerting queries that use reduce/math operation.
* TablePanel: Fix ad-hoc variables not working on default datasources.
* Text Panel: Fix alignment of elements.
* Variables: Fix for constant variables in self referencing links.
- Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)
kiwi-desc-saltboot:
- Update to version 0.1.1661440542.6cbe0da
* Use standard susemanager.conf
* Use salt bundle
* Add support for VirtIO disks
mgr-daemon:
- Version 4.3.6-1
* Update translation strings
spacecmd:
- Version 4.3.15-1
* Process date values in spacecmd api calls (bsc#1198903)
spacewalk-client-tools:
- Version 4.3.12-1
* Update translation strings
uyuni-common-libs:
- Version 4.3.6-1
* Do not allow creating path if nonexistent user or group in fileutils.
Patch Instructions:
To install this SUSE Security Update, use the SUSE recommended installation methods, such as YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2022-3747=1
- SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2022-3747=1
- SUSE Manager Tools 12:
zypper in -t patch SUSE-SLE-Manager-Tools-12-2022-3747=1
- SUSE Linux Enterprise Server for SAP 12-SP4:
zypper in -t patch SUSE-SLE-SAP-12-SP4-2022-3747=1
- SUSE Linux Enterprise Server 12-SP5:
zypper in -t patch SUSE-SLE-SERVER-12-SP5-2022-3747=1
- SUSE Linux Enterprise Server 12-SP4-LTSS:
zypper in -t patch SUSE-SLE-SERVER-12-SP4-LTSS-2022-3747=1
- SUSE Linux Enterprise Server 12-SP3-BCL:
zypper in -t patch SUSE-SLE-SERVER-12-SP3-BCL-2022-3747=1
Package List:
- SUSE OpenStack Cloud Crowbar 9 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
- SUSE OpenStack Cloud 9 (x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
- SUSE Manager Tools 12 (aarch64 ppc64le s390x x86_64):
golang-github-lusitaniae-apache_exporter-0.11.0-1.13.1
golang-github-prometheus-alertmanager-0.23.0-1.15.2
golang-github-prometheus-node_exporter-1.3.0-1.21.1
grafana-8.3.10-1.33.2
python2-uyuni-common-libs-4.3.6-1.27.1
- SUSE Manager Tools 12 (noarch):
kiwi-desc-saltboot-0.1.1661440542.6cbe0da-1.29.1
mgr-daemon-4.3.6-1.38.1
python2-spacewalk-check-4.3.12-52.77.1
python2-spacewalk-client-setup-4.3.12-52.77.1
python2-spacewalk-client-tools-4.3.12-52.77.1
spacecmd-4.3.15-38.109.1
spacewalk-check-4.3.12-52.77.1
spacewalk-client-setup-4.3.12-52.77.1
spacewalk-client-tools-4.3.12-52.77.1
- SUSE Linux Enterprise Server for SAP 12-SP4 (ppc64le x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
- SUSE Linux Enterprise Server 12-SP5 (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
- SUSE Linux Enterprise Server 12-SP4-LTSS (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
- SUSE Linux Enterprise Server 12-SP3-BCL (x86_64):
golang-github-prometheus-node_exporter-1.3.0-1.21.1
References:
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-31097.html
https://www.suse.com/security/cve/CVE-2022-31107.html
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1198903
https://bugzilla.suse.com/1200725
https://bugzilla.suse.com/1201535
https://bugzilla.suse.com/1201539