SUSE-SU-2022:1531-1: important: Security Beta update for SUSE Manager Client Tools

sle-updates at lists.suse.com sle-updates at lists.suse.com
Wed May 4 19:19:38 UTC 2022


   SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:1531-1
Rating:             important
References:         #1181400 #1190535 #1196338 #1196704 #1197042 
                    #1197417 #1197579 #1197689 SLE-24077 SLE-24138 
                    SLE-24139 SLE-24238 SLE-24239 
Cross-References:   CVE-2020-22935 CVE-2022-21698 CVE-2022-22934
                    CVE-2022-22936 CVE-2022-22941
CVSS scores:
                    CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
                    CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:
                    SUSE Manager Tools 12-BETA
______________________________________________________________________________

   An update that solves 5 vulnerabilities, contains 5
   features and has three fixes is now available.

Description:

   This update fixes the following issues:

   golang-github-prometheus-alertmanager:

   - CVE-2022-21698: Update vendor tarball with prometheus/client_golang
     1.11.1 (bsc#1196338, jsc#SLE-24077)
   - Update to version 0.23.0:
     * amtool: Detect version drift and warn users (#2672)
     * Add ability to skip TLS verification for amtool (#2663)
     * Fix empty isEqual in amtool. (#2668)
     * Fix main tests (#2670)
     * cli: add new template render command (#2538)
     * OpsGenie: refer to alert instead of incident (#2609)
     * Docs: target_match and source_match are DEPRECATED (#2665)
     * Fix test not waiting for cluster member to be ready
   - Added hardening to systemd service(s) (bsc#1181400). Modified:
     prometheus-alertmanager.service

   golang-github-prometheus-node_exporter:

   - CVE-2022-21698: Update vendor tarball with prometheus/client_golang
     1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
   - Update to 1.3.0
     * [CHANGE] Add path label to rapl collector #2146
     * [CHANGE] Exclude filesystems under /run/credentials #2157
     * [CHANGE] Add TCPTimeouts to netstat default filter #2189
     * [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
     * [FEATURE] Add darwin powersupply collector #1777
     * [FEATURE] Add support for monitoring GPUs on Linux #1998
     * [FEATURE] Add Darwin thermal collector #2032
     * [FEATURE] Add os release collector #2094
     * [FEATURE] Add netdev.address-info collector #2105
     * [FEATURE] Add clocksource metrics to time collector #2197
     * [ENHANCEMENT] Support glob textfile collector directories #1985
     * [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
     * [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
     * [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
     * [ENHANCEMENT] Add DMI collector #2131
     * [ENHANCEMENT] Add threads metrics to processes collector #2164
     * [ENHANCMMENT] Reduce timer GC delays in the Linux filesystem collector
       #2169
     * [ENHANCMMENT] Add TCPTimeouts to netstat default filter #2189
     * [ENHANCMMENT] Use SysctlTimeval for boottime collector on BSD #2208
     * [BUGFIX] ethtool: Sanitize metric names #2093
     * [BUGFIX] Fix ethtool collector for multiple interfaces #2126
     * [BUGFIX] Fix possible panic on macOS #2133
     * [BUGFIX] Collect flag_info and bug_info only for one core #2156
     * [BUGFIX] Prevent duplicate ethtool metric names #2187
   - Update to 1.2.2
     * Bug fixes Fix processes collector long int parsing #2112
   - Update to 1.2.1
     * Removed Remove obsolete capture permission denied error patch
       capture-permission-denied-error-energy_uj.patch: Already included
       upstream Fix zoneinfo parsing prometheus/procfs#386 Fix nvme collector
       log noise #2091 Fix rapl collector log noise #2092
   - Update to 1.2.0
     * Changes Rename filesystem collector flags to match other collectors
       #2012 Make node_exporter print usage to STDOUT #203
     * Features Add conntrack statistics metrics #1155 Add ethtool stats
       collector #1832 Add flag to ignore network speed if it is unknown
       #1989 Add tapestats collector for Linux #2044 Add nvme collector #2062
     * Enhancements Add ErrorLog plumbing to promhttp #1887 Add more
       Infiniband counters #2019 netclass: retrieve interface names and
       filter before parsing #2033 Add time zone offset metric #2060 Handle
       errors from disabled PSI subsystem #1983 Fix panic when using
       backwards compatible flags #2000 Fix wrong value for OpenBSD memory
       buffer cache #2015 Only initiate collectors once #2048 Handle small
       backwards jumps in CPU idle #2067
   - Apply patch to capture permission denied error for "energy_uj" file
     (bsc#1190535)

   golang-github-prometheus-prometheus:

   - Build firewalld-prometheus-config only for SUSE Linux Enterprise 15,
     15.1 and 15.2, and require firewalld for it
   - Firewalld-prometheus-config needs to be a Recommends, not a Requires, as
     prometheus does not require it to run
   - Create firewalld-prometheus-config subpackage (bsc#1197042)
   - CVE-2022-21698: Update vendor tarball with prometheus/client_golang
     1.12.1 (bsc#1196338)

   golang-github-prometheus-promu:

   - Update to version 0.13.0:
     * Release 0.13.0 (jsc#SLE-24138, jsc#SLE-24139)
     * Add deprecation note to pkg directory
     * Add windows/arm64
     * Update common Prometheus files
     * Fix typo
     * Release 0.12.0
     * Simplify CGO crossbuilds
     * Update common Prometheus files
     * Release 0.11.1
     * Fix build with "linux" platform
   - Update to 0.5.0
     + Features:
       * Add support for aix/ppc64. #151
       * Fallback to git describe output if no VERSION. #130
     + Enhancements:
       * cmd/release: add --timeout option. #142
       * cmd/release: create release in GitHub if none exists. #148
     + Bug Fixes:
       * cmd/tarball: restore --prefix flag. #133
       * cmd/release: don't leak credentials in case of error. #136

   mgr-cfg:

   - Version 4.3.6-1
     * Fix the condition for preventing building python 2 subpackage for
       SLE15 (bsc#1197579)

   mgr-osad:

   - Version 4.3.6-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   mgr-push:

   - Version 4.3.4-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   mgr-virtualization:

   - Version 4.3.5-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   rhnlib:

   - Version 4.3.4-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   salt:

   - Fix multiple security fixes (bsc#1197417)
     * CVE-2020-22935: Sign authentication replies to prevent MiTM.
     * CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
     * CVE-2022-22936: Prevent job and fileserver replays
     * CVE-2022-22941: Fixed targeting bug, especially visible when using
       syndic and user auth.

   spacecmd:

   - Version 4.3.10-1
     * parse boolean paramaters correctly (bsc#1197689)
     * Add parameter to set containerized proxy SSH port

   spacewalk-client-tools:

   - Version 4.3.9-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   spacewalk-koan:

   - Version 4.3.5-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   spacewalk-oscap:

   - Version 4.3.5-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   suseRegisterInfo:

   - Version 4.3.3-1
     * Fix the condition for preventing building python 2 subpackage for SLE15

   uyuni-common-libs:

   - Version 4.3.4-1
     * implement more decompression algorithms for reposync (bsc#1196704)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Manager Tools 12-BETA:

      zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1531=1



Package List:

   - SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):

      golang-github-prometheus-alertmanager-0.23.0-4.9.1
      golang-github-prometheus-node_exporter-1.3.0-4.12.1
      golang-github-prometheus-prometheus-2.32.1-4.30.1
      golang-github-prometheus-promu-0.13.0-4.9.1
      python2-salt-3000-53.11.1
      python2-uyuni-common-libs-4.3.4-3.30.1
      python3-salt-3000-53.11.1
      salt-3000-53.11.1
      salt-doc-3000-53.11.1
      salt-minion-3000-53.11.1

   - SUSE Manager Tools 12-BETA (noarch):

      mgr-cfg-4.3.6-4.27.1
      mgr-cfg-actions-4.3.6-4.27.1
      mgr-cfg-client-4.3.6-4.27.1
      mgr-cfg-management-4.3.6-4.27.1
      mgr-osad-4.3.6-4.27.1
      mgr-push-4.3.4-4.18.1
      mgr-virtualization-host-4.3.5-4.18.1
      python2-mgr-cfg-4.3.6-4.27.1
      python2-mgr-cfg-actions-4.3.6-4.27.1
      python2-mgr-cfg-client-4.3.6-4.27.1
      python2-mgr-cfg-management-4.3.6-4.27.1
      python2-mgr-osa-common-4.3.6-4.27.1
      python2-mgr-osad-4.3.6-4.27.1
      python2-mgr-push-4.3.4-4.18.1
      python2-mgr-virtualization-common-4.3.5-4.18.1
      python2-mgr-virtualization-host-4.3.5-4.18.1
      python2-rhnlib-4.3.4-24.27.1
      python2-spacewalk-check-4.3.9-55.45.1
      python2-spacewalk-client-setup-4.3.9-55.45.1
      python2-spacewalk-client-tools-4.3.9-55.45.1
      python2-spacewalk-koan-4.3.5-27.18.1
      python2-spacewalk-oscap-4.3.5-22.18.1
      python2-suseRegisterInfo-4.3.3-28.21.1
      spacecmd-4.3.10-41.39.1
      spacewalk-check-4.3.9-55.45.1
      spacewalk-client-setup-4.3.9-55.45.1
      spacewalk-client-tools-4.3.9-55.45.1
      spacewalk-koan-4.3.5-27.18.1
      spacewalk-oscap-4.3.5-22.18.1
      suseRegisterInfo-4.3.3-28.21.1


References:

   https://www.suse.com/security/cve/CVE-2020-22935.html
   https://www.suse.com/security/cve/CVE-2022-21698.html
   https://www.suse.com/security/cve/CVE-2022-22934.html
   https://www.suse.com/security/cve/CVE-2022-22936.html
   https://www.suse.com/security/cve/CVE-2022-22941.html
   https://bugzilla.suse.com/1181400
   https://bugzilla.suse.com/1190535
   https://bugzilla.suse.com/1196338
   https://bugzilla.suse.com/1196704
   https://bugzilla.suse.com/1197042
   https://bugzilla.suse.com/1197417
   https://bugzilla.suse.com/1197579
   https://bugzilla.suse.com/1197689



More information about the sle-updates mailing list