SUSE-SU-202501:15288-1: moderate: Security update for SUSE Manager Client Tools

SLE-SECURITY-UPDATES null at suse.de
Fri Feb 14 08:31:37 UTC 2025 


# Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-202501:15288-1  
Release Date: 2025-02-14T07:19:41Z  
Rating: moderate  
References:

  * bsc#1229079
  * bsc#1229104
  * bsc#1231497
  * bsc#1231568
  * bsc#1231759
  * bsc#1232575
  * bsc#1232769
  * bsc#1232817
  * bsc#1233202
  * bsc#1233279
  * bsc#1233630
  * bsc#1233660
  * bsc#1234123
  * jsc#MSQA-914

  
Cross-References:

  * CVE-2024-22037

  
CVSS scores:

  * CVE-2024-22037 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
  * CVE-2024-22037 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-22037 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-22037 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

  
Affected Products:

  * SUSE Manager Client Tools for Ubuntu 24.04 2404

  
  
An update that solves one vulnerability, contains one feature and has 12
security fixes can now be installed.

## Description:

This update fixes the following issues:

spacecmd was updated to version 5.0.11-0:

  * Updated translation strings

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

  * Security issues fixed:
  * CVE-2024-22037: Use podman secret to store the database credentials
    (bsc#1231497)
  * Other changes and bugs fixed:
  * Version 0.1.27-0
    * Bump the default image tag to 5.0.3
    * IsInstalled function fix
    * Run systemctl daemon-reload after changing the container image config (bsc#1233279)
    * Coco-replicas-upgrade
    * Persist search server indexes (bsc#1231759)
    * Sync deletes files during migration (bsc#1233660)
    * Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
    * Add --registry back to mgrpxy (bsc#1233202)
    * Only add java.hostname on migrated server if not present
    * Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
    * Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
    * Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
  * Version 0.1.26-0
    * Ignore all zypper caches during migration (bsc#1232769)
    * Use the uyuni network for all podman containers (bsc#1232817)
  * Version 0.1.25-0
    * Don't migrate enabled systemd services, recreate them (bsc#1232575)
  * Version 0.1.24-0
    * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Client Tools for Ubuntu 24.04 2404  
    zypper in -t patch suse-ubu244ct-client-tools-202501-15288=1

## Package List:

  * SUSE Manager Client Tools for Ubuntu 24.04 2404 (all)
    * mgrctl-bash-completion-0.1.28-2.6.2
    * mgrctl-fish-completion-0.1.28-2.6.2
    * spacecmd-5.0.11-2.6.1
    * mgrctl-zsh-completion-0.1.28-2.6.2
  * SUSE Manager Client Tools for Ubuntu 24.04 2404 (amd64)
    * mgrctl-0.1.28-2.6.2

## References:

  * https://www.suse.com/security/cve/CVE-2024-22037.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1229079
  * https://bugzilla.suse.com/show_bug.cgi?id=1229104
  * https://bugzilla.suse.com/show_bug.cgi?id=1231497
  * https://bugzilla.suse.com/show_bug.cgi?id=1231568
  * https://bugzilla.suse.com/show_bug.cgi?id=1231759
  * https://bugzilla.suse.com/show_bug.cgi?id=1232575
  * https://bugzilla.suse.com/show_bug.cgi?id=1232769
  * https://bugzilla.suse.com/show_bug.cgi?id=1232817
  * https://bugzilla.suse.com/show_bug.cgi?id=1233202
  * https://bugzilla.suse.com/show_bug.cgi?id=1233279
  * https://bugzilla.suse.com/show_bug.cgi?id=1233630
  * https://bugzilla.suse.com/show_bug.cgi?id=1233660
  * https://bugzilla.suse.com/show_bug.cgi?id=1234123
  * https://jira.suse.com/browse/MSQA-914

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250214/a2c5c8f1/attachment.htm>

More information about the sle-security-updates mailing list