SUSE-SU-2023:2185-1: important: Security update for SUSE Manager Client Tools

sle-security-updates at lists.suse.com
Thu May 11 20:30:08 UTC 2023



# Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-2023:2185-1  
Rating: important  
References:

  * #1181400
  * #1197284
  * #1203185
  * #1208060
  * #1208064
  * #1208965

Cross-References:

  * CVE-2022-27191
  * CVE-2022-27664
  * CVE-2022-46146

CVSS scores:

  * CVE-2022-27191 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-27191 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-27664 ( SUSE ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-27664 ( NVD ):  7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
  * CVE-2022-46146 ( SUSE ):  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  * CVE-2022-46146 ( NVD ):  8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

  * SUSE Manager Client Tools for RHEL, Liberty and Clones 9

An update that solves three vulnerabilities, contains two features and has three
fixes can now be installed.

## Description:

This update fixes the following issues:

prometheus-postgres_exporter:

  * Security issues fixed:
    * CVE-2022-46146: Fix authentication bypass via cache poisoning (bsc#1208060)
  * Other non-security issues fixed:
    * Adapt the systemd service security configuration so that the service can
      start on Red Hat Enterprise Linux systems and clones
    * Add hardening to systemd service(s) (bsc#1181400)
    * Create the prometheus user for Red Hat Enterprise Linux systems and clones
    * Fix broken log-level for values other than debug (bsc#1208965)

golang-github-prometheus-node_exporter:

  * Security issues fixed in this version upgrade to 1.5.0:
    * CVE-2022-27191: Update go/x/crypto (bsc#1197284)
    * CVE-2022-27664: Update go/x/net (bsc#1203185)
    * CVE-2022-46146: Update exporter-toolkit (bsc#1208064)
  * Other non-security bug fixes and changes in this version update to 1.5.0:
    * NOTE: This changes the Go runtime "GOMAXPROCS" to 1. This is done to limit
      the concurrency of the exporter to 1 CPU thread at a time in order to avoid
      a race condition problem in the Linux kernel and parallel IO issues on nodes
      with high numbers of CPUs/CPU threads.
    * [CHANGE] Default GOMAXPROCS to 1
    * [CHANGE] Merge metrics descriptions in textfile collector
    * [BUGFIX] Fix hwmon label sanitizer
    * [BUGFIX] Use native endianness when encoding InetDiagMsg
    * [BUGFIX] Fix btrfs device stats always being zero
    * [BUGFIX] Fix diskstats exclude flags
    * [BUGFIX] [node-mixin] Fix fsSpaceAvailableCriticalThreshold and
      fsSpaceAvailableWarning
    * [BUGFIX] Fix concurrency issue in ethtool collector
    * [BUGFIX] Fix concurrency issue in netdev collector
    * [BUGFIX] Fix diskstat reads and write metrics for disks with different
      sector sizes
    * [BUGFIX] Fix iostat on macOS broken by deprecation warning
    * [BUGFIX] Fix NodeFileDescriptorLimit alerts
    * [BUGFIX] Sanitize rapl zone names
    * [BUGFIX] Add file descriptor close safely in test
    * [BUGFIX] Fix race condition in os_release.go
    * [BUGFIX] Skip ZFS IO metrics if their paths are missing
    * [FEATURE] Add multiple listeners and systemd socket listener activation
    * [FEATURE] [node-mixin] Add darwin dashboard to mixin
    * [FEATURE] Add "isolated" metric on cpu collector on linux
    * [FEATURE] Add cgroup summary collector
    * [FEATURE] Add selinux collector
    * [FEATURE] Add slab info collector
    * [FEATURE] Add sysctl collector
    * [FEATURE] Also track the CPU Spin time for OpenBSD systems
    * [FEATURE] Add support for macOS version
    * [ENHANCEMENT] Add RTNL version of netclass collector
    * [ENHANCEMENT] [node-mixin] Add missing selectors
    * [ENHANCEMENT] [node-mixin] Change current datasource to grafana's default
    * [ENHANCEMENT] [node-mixin] Change disk graph to disk table
    * [ENHANCEMENT] [node-mixin] Change io time units to %util
    * [ENHANCEMENT] Add user_wired_bytes and laundry_bytes on *bsd
    * [ENHANCEMENT] Add additional vm_stat memory metrics for darwin
    * [ENHANCEMENT] Add device filter flags to arp collector
    * [ENHANCEMENT] Add diskstats include and exclude device flags
    * [ENHANCEMENT] Add node_softirqs_total metric
    * [ENHANCEMENT] Add rapl zone name label option
    * [ENHANCEMENT] Add slabinfo collector
    * [ENHANCEMENT] Allow user to select port on NTP server to query
    * [ENHANCEMENT] collector/diskstats: Add labels and metrics from udev
    * [ENHANCEMENT] Enable builds against older macOS SDK
    * [ENHANCEMENT] qdisk-linux: Add exclude and include flags for interface name
    * [ENHANCEMENT] systemd: Expose systemd minor version
    * [ENHANCEMENT] Use netlink for tcpstat collector
    * [ENHANCEMENT] Use netlink to get netdev stats
    * [ENHANCEMENT] Add additional perf counters for stalled frontend/backend
      cycles
    * [ENHANCEMENT] Add btrfs device error stats

## Patch Instructions:

To install this SUSE Important update, use the SUSE-recommended installation
methods such as YaST online_update or "zypper patch".  
Alternatively, you can run the command listed for your product:

  * SUSE Manager Client Tools for RHEL, Liberty and Clones 9  
    zypper in -t patch SUSE-EL-9-CLIENT-TOOLS-2023-2185=1

## Package List:

  * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le
    x86_64)
    * golang-github-prometheus-node_exporter-debuginfo-1.5.0-1.6.1
    * golang-github-prometheus-node_exporter-1.5.0-1.6.1
    * golang-github-prometheus-node_exporter-debugsource-1.5.0-1.6.1
  * SUSE Manager Client Tools for RHEL, Liberty and Clones 9 (aarch64 ppc64le
    s390x x86_64)
    * prometheus-postgres_exporter-0.10.1-1.6.2
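As an added example (not part of the advisory or of SUSE's tooling), the following Python check compares installed package versions against the fixed version-release strings listed above using rpm's own version-ordering rules, so that a fleet scan does not mis-rank releases such as `1.6.1` versus `1.10.1`. The `rpm -qa --qf` query format and the sample output are constructed; epoch is assumed absent and the `^` operator is not handled.

```python
import re
# Fixed version-release strings from this advisory's package list, keyed by package name.
FIXED = {
    "golang-github-prometheus-node_exporter": "1.5.0-1.6.1",
    "prometheus-postgres_exporter": "0.10.1-1.6.2",
}

def rpmvercmp(a: str, b: str) -> int:
    """rpm's version/release ordering: split into digit/alpha runs; numbers compare as ints,
    letters lexically, a number beats letters, '~' sorts before everything. '^' not handled."""
    sa, sb = re.findall(r"[0-9]+|[a-zA-Z]+|~", a), re.findall(r"[0-9]+|[a-zA-Z]+|~", b)
    for x, y in zip(sa, sb):
        if x == y:
            continue
        if "~" in (x, y):
            return -1 if x == "~" else 1
        if x.isdigit() and y.isdigit():
            return (int(x) > int(y)) - (int(x) < int(y))
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        return (x > y) - (x < y)
    # Leftover segments make a string newer, unless the leftover starts with '~'.
    if len(sa) != len(sb):
        longer, n = (sa, len(sb)) if len(sa) > len(sb) else (sb, len(sa))
        newer = -1 if longer[n] == "~" else 1
        return newer if longer is sa else -newer
    return 0

def compare_vr(installed: str, fixed: str) -> int:
    """Compare 'version-release' strings: version first, then release (epoch assumed absent)."""
    iv, ir = installed.rsplit("-", 1)
    fv, fr = fixed.rsplit("-", 1)
    return rpmvercmp(iv, fv) or rpmvercmp(ir, fr)

def vulnerable_packages(rpm_qa_output: str) -> list[str]:
    """Packages from this advisory still below the fixed version, given the output of
    rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\\n' (query format is an assumption)."""
    findings = []
    for name, vr in (l.split(" ", 1) for l in rpm_qa_output.splitlines() if l.strip()):
        if name in FIXED and compare_vr(vr, FIXED[name]) < 0:
            findings.append(f"{name}-{vr} (fixed in {FIXED[name]})")
    return findings

# Constructed sample `rpm -qa` output from a host that has not yet applied the patch.
SAMPLE_RPM_QA = """golang-github-prometheus-node_exporter 1.3.1-1.4.3
prometheus-postgres_exporter 0.10.1-1.6.2
bash 5.1.8-6.el9
"""
FINDINGS = vulnerable_packages(SAMPLE_RPM_QA)  # one entry: node_exporter is outdated
```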

## References:

  * https://www.suse.com/security/cve/CVE-2022-27191.html
  * https://www.suse.com/security/cve/CVE-2022-27664.html
  * https://www.suse.com/security/cve/CVE-2022-46146.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1181400
  * https://bugzilla.suse.com/show_bug.cgi?id=1197284
  * https://bugzilla.suse.com/show_bug.cgi?id=1203185
  * https://bugzilla.suse.com/show_bug.cgi?id=1208060
  * https://bugzilla.suse.com/show_bug.cgi?id=1208064
  * https://bugzilla.suse.com/show_bug.cgi?id=1208965
  * https://jira.suse.com/browse/MSQA-663
  * https://jira.suse.com/browse/MSQA-665
