<div class="container">
<h1>Security update for SUSE Manager Client Tools</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:3122-1</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204089">#1204089</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208612">#1208612</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211741">#1211741</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212279">#1212279</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2023-28370.html">CVE-2023-28370</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-28370</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">3.4</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2023-28370</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">6.1</span>
<span class="cvss-vector">CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">Advanced Systems Management Module 12</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Desktop 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise High Performance Computing 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP1</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP2</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP3</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP4</li>
<li class="list-group-item">SUSE Linux Enterprise Server for SAP Applications 12 SP5</li>
<li class="list-group-item">SUSE Linux Enterprise Server for the Raspberry Pi 12-SP2</li>
<li class="list-group-item">SUSE Manager Client Tools for SLE 12</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability, contains three features and has three fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update fixes the following issues:</p>
<p>python-tornado:</p>
<ul>
<li>Security fixes:</li>
<li>CVE-2023-28370: Fixed an open redirect issue in the static file handler (bsc#1211741)</li>
</ul>
<p>kiwi-desc-saltboot:</p>
<ul>
<li>Update to version 0.1.1687520761.cefb248</li>
<li>Add osimage cert package to bootstrap for SUSE Linux Enterprise 12 images (bsc#1204089)</li>
</ul>
<p>prometheus-blackbox_exporter:</p>
<ul>
<li>Use obscpio for go modules service</li>
<li>Set version number</li>
<li>Set build date from SOURCE_DATE_EPOCH</li>
<li>Update to 0.24.0 (bsc#1212279, jsc#PED-4556)</li>
<li>Requires go1.19</li>
<li>Avoid empty validation script</li>
<li>Add rc symlink for backwards compatibility</li>
</ul>
<p>spacecmd:</p>
<ul>
<li>Version 4.3.22-1</li>
<li>Bypass traditional systems check on older SUMA instances (bsc#1208612)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE Moderate update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Manager Client Tools for SLE 12
<br/>
<code>zypper in -t patch SUSE-SLE-Manager-Tools-12-2023-3122=1</code>
</li>
<li class="list-group-item">
Advanced Systems Management Module 12
<br/>
<code>zypper in -t patch SUSE-SLE-Module-Adv-Systems-Management-12-2023-3122=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Manager Client Tools for SLE 12 (aarch64 ppc64le s390x x86_64)
<ul>
<li>prometheus-blackbox_exporter-debuginfo-0.24.0-1.20.3</li>
<li>python-tornado-4.2.1-17.7.1</li>
<li>python3-tornado-4.2.1-17.7.1</li>
<li>prometheus-blackbox_exporter-0.24.0-1.20.3</li>
<li>python-tornado-debuginfo-4.2.1-17.7.1</li>
<li>python-tornado-debugsource-4.2.1-17.7.1</li>
</ul>
</li>
<li>
SUSE Manager Client Tools for SLE 12 (noarch)
<ul>
<li>spacecmd-4.3.22-38.124.3</li>
<li>kiwi-desc-saltboot-0.1.1687520761.cefb248-1.35.2</li>
</ul>
</li>
<li>
Advanced Systems Management Module 12 (ppc64le s390x x86_64)
<ul>
<li>python-tornado-debuginfo-4.2.1-17.7.1</li>
<li>python-tornado-4.2.1-17.7.1</li>
<li>python3-tornado-4.2.1-17.7.1</li>
<li>python-tornado-debugsource-4.2.1-17.7.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2023-28370.html">https://www.suse.com/security/cve/CVE-2023-28370.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204089">https://bugzilla.suse.com/show_bug.cgi?id=1204089</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208612">https://bugzilla.suse.com/show_bug.cgi?id=1208612</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211741">https://bugzilla.suse.com/show_bug.cgi?id=1211741</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1212279">https://bugzilla.suse.com/show_bug.cgi?id=1212279</a>
</li>
<li>
<a href="https://jira.suse.com/browse/MSQA-679">https://jira.suse.com/browse/MSQA-679</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-3694">https://jira.suse.com/browse/PED-3694</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-4556">https://jira.suse.com/browse/PED-4556</a>
</li>
</ul>
</div>