SUSE-SU-202501:15286-1: moderate: Security update for SUSE Manager Client Tools

Fri Feb 14 08:32:02 UTC 2025

# Security update for SUSE Manager Client Tools

Announcement ID: SUSE-SU-202501:15286-1  
Release Date: 2025-02-14T07:19:29Z  
Rating: moderate  
References:

  * bsc#1228182
  * bsc#1228690
  * bsc#1229079
  * bsc#1229104
  * bsc#1230361
  * bsc#1231497
  * bsc#1231568
  * bsc#1231759
  * bsc#1232575
  * bsc#1232769
  * bsc#1232817
  * bsc#1233202
  * bsc#1233279
  * bsc#1233630
  * bsc#1233660
  * bsc#1233667
  * bsc#1234123
  * jsc#ECO-3319
  * jsc#MSQA-914

Cross-References:

  * CVE-2024-22037

CVSS scores:

  * CVE-2024-22037 ( SUSE ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L
  * CVE-2024-22037 ( SUSE ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
  * CVE-2024-22037 ( NVD ):  5.7
    CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:L/SI:L/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
  * CVE-2024-22037 ( NVD ):  5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products:

  * SUSE Manager Client Tools for Ubuntu 20.04 2004

An update that solves one vulnerability, contains two features and has 16
security fixes can now be installed.

## Description:

This update fixes the following issues:

salt:

  * Build all python bindings for all flavors
  * Fixed the condition of alternatives for Tumbleweed and Leap 16
  * Handle logger exception when flushing already closed file
  * Included passlib as a recommended dependency
  * Make minion reconnecting on changing master IP (bsc#1228182)
  * Make Salt Bundle more tolerant to long running jobs (bsc#1228690)
  * Removed System V init support
  * Reverted setting SELinux context for minion service (bsc#1233667)
  * Use update-alternatives for salt-call and fix builing on EL8

scap-security-guide was updated to version 0.1.75 (jsc#ECO-3319):

  * Added Ism profile for OL8, OL9
  * Added new product kylinserver10
  * Created OL10 product
  * Release SLMicro5 product
  * Replaced two date injections by SOURCE_DATE_EPOCH to make reproducible
    (bsc#1230361)
  * Updated PCI-DSS control file for version 4.0.1

spacecmd was updated to version 5.0.11-0:

  * Updated translation strings

uyuni-tools was updated from version 0.1.23-0 to 0.1.27-0:

  * Security issues fixed:
  * CVE-2024-22037: Use podman secret to store the database credentials
    (bsc#1231497)
  * Other changes and bugs fixed:
  * Version 0.1.27-0
    * Bump the default image tag to 5.0.3
    * IsInstalled function fix
    * Run systemctl daemon-reload after changing the container image config (bsc#1233279)
    * Coco-replicas-upgrade
    * Persist search server indexes (bsc#1231759)
    * Sync deletes files during migration (bsc#1233660)
    * Ignore coco and hub images when applying PTF if they are not ailable (bsc#1229079)
    * Add --registry back to mgrpxy (bsc#1233202)
    * Only add java.hostname on migrated server if not present
    * Consider the configuration file to detect the coco or hub api images should be pulled (bsc#1229104)
    * Only raise an error if cloudguestregistryauth fails for PAYG (bsc#1233630)
    * Add registry.suse.com login to mgradm upgrade podman list (bsc#1234123)
  * Version 0.1.26-0
    * Ignore all zypper caches during migration (bsc#1232769)
    * Use the uyuni network for all podman containers (bsc#1232817)
  * Version 0.1.25-0
    * Don't migrate enabled systemd services, recreate them (bsc#1232575)
  * Version 0.1.24-0
    * Redact JSESSIONID and pxt-session-cookie values from logs and console output (bsc#1231568)

## Special Instructions and Notes:

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".  
Alternatively you can run the command listed for your product:

  * SUSE Manager Client Tools for Ubuntu 20.04 2004  
    zypper in -t patch suse-ubu204ct-client-tools-202501-15286=1

## Package List:

  * SUSE Manager Client Tools for Ubuntu 20.04 2004 (all)
    * scap-security-guide-ubuntu-0.1.75-2.55.2
    * salt-common-3006.0+ds-1+2.134.2
    * mgrctl-bash-completion-0.1.28-2.16.2
    * mgrctl-fish-completion-0.1.28-2.16.2
    * spacecmd-5.0.11-2.95.2
    * salt-minion-3006.0+ds-1+2.134.2
    * mgrctl-zsh-completion-0.1.28-2.16.2
  * SUSE Manager Client Tools for Ubuntu 20.04 2004 (amd64)
    * mgrctl-0.1.28-2.16.2

## References:

  * https://www.suse.com/security/cve/CVE-2024-22037.html
  * https://bugzilla.suse.com/show_bug.cgi?id=1228182
  * https://bugzilla.suse.com/show_bug.cgi?id=1228690
  * https://bugzilla.suse.com/show_bug.cgi?id=1229079
  * https://bugzilla.suse.com/show_bug.cgi?id=1229104
  * https://bugzilla.suse.com/show_bug.cgi?id=1230361
  * https://bugzilla.suse.com/show_bug.cgi?id=1231497
  * https://bugzilla.suse.com/show_bug.cgi?id=1231568
  * https://bugzilla.suse.com/show_bug.cgi?id=1231759
  * https://bugzilla.suse.com/show_bug.cgi?id=1232575
  * https://bugzilla.suse.com/show_bug.cgi?id=1232769
  * https://bugzilla.suse.com/show_bug.cgi?id=1232817
  * https://bugzilla.suse.com/show_bug.cgi?id=1233202
  * https://bugzilla.suse.com/show_bug.cgi?id=1233279
  * https://bugzilla.suse.com/show_bug.cgi?id=1233630
  * https://bugzilla.suse.com/show_bug.cgi?id=1233660
  * https://bugzilla.suse.com/show_bug.cgi?id=1233667
  * https://bugzilla.suse.com/show_bug.cgi?id=1234123
  * https://jira.suse.com/browse/ECO-3319
  * https://jira.suse.com/browse/MSQA-914

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-security-updates/attachments/20250214/37207f81/attachment.htm>