SUSE-SU-2022:1531-1: important: Security Beta update for SUSE Manager Client Tools
sle-updates at lists.suse.com
Wed May 4 19:19:38 UTC 2022
SUSE Security Update: Security Beta update for SUSE Manager Client Tools
______________________________________________________________________________
Announcement ID: SUSE-SU-2022:1531-1
Rating: important
References: #1181400 #1190535 #1196338 #1196704 #1197042
#1197417 #1197579 #1197689 SLE-24077 SLE-24138
SLE-24139 SLE-24238 SLE-24239
Cross-References: CVE-2020-22935 CVE-2022-21698 CVE-2022-22934
CVE-2022-22936 CVE-2022-22941
CVSS scores:
CVE-2022-21698 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-21698 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-22934 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22934 (SUSE): 7.5 CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22936 (NVD) : 8.8 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22936 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVE-2022-22941 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVE-2022-22941 (SUSE): 7.5 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
SUSE Manager Tools 12-BETA
______________________________________________________________________________
An update that solves 5 vulnerabilities, contains 5
features and has three fixes is now available.
Description:
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang
1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update to version 0.23.0:
* amtool: Detect version drift and warn users (#2672)
* Add ability to skip TLS verification for amtool (#2663)
* Fix empty isEqual in amtool. (#2668)
* Fix main tests (#2670)
* cli: add new template render command (#2538)
* OpsGenie: refer to alert instead of incident (#2609)
* Docs: target_match and source_match are DEPRECATED (#2665)
* Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400). Modified:
prometheus-alertmanager.service
golang-github-prometheus-node_exporter:
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang
1.11.1 (bsc#1196338, jsc#SLE-24238, jsc#SLE-24239)
- Update to 1.3.0
* [CHANGE] Add path label to rapl collector #2146
* [CHANGE] Exclude filesystems under /run/credentials #2157
* [CHANGE] Add TCPTimeouts to netstat default filter #2189
* [FEATURE] Add lnstat collector for metrics from /proc/net/stat/ #1771
* [FEATURE] Add darwin powersupply collector #1777
* [FEATURE] Add support for monitoring GPUs on Linux #1998
* [FEATURE] Add Darwin thermal collector #2032
* [FEATURE] Add os release collector #2094
* [FEATURE] Add netdev.address-info collector #2105
* [FEATURE] Add clocksource metrics to time collector #2197
* [ENHANCEMENT] Support glob textfile collector directories #1985
* [ENHANCEMENT] ethtool: Expose node_ethtool_info metric #2080
* [ENHANCEMENT] Use include/exclude flags for ethtool filtering #2165
* [ENHANCEMENT] Add flag to disable guest CPU metrics #2123
* [ENHANCEMENT] Add DMI collector #2131
* [ENHANCEMENT] Add threads metrics to processes collector #2164
* [ENHANCEMENT] Reduce timer GC delays in the Linux filesystem collector
#2169
* [ENHANCEMENT] Add TCPTimeouts to netstat default filter #2189
* [ENHANCEMENT] Use SysctlTimeval for boottime collector on BSD #2208
* [BUGFIX] ethtool: Sanitize metric names #2093
* [BUGFIX] Fix ethtool collector for multiple interfaces #2126
* [BUGFIX] Fix possible panic on macOS #2133
* [BUGFIX] Collect flag_info and bug_info only for one core #2156
* [BUGFIX] Prevent duplicate ethtool metric names #2187
- Update to 1.2.2
+ Bug fixes:
* Fix processes collector long int parsing #2112
- Update to 1.2.1
+ Removed:
* Remove obsolete capture permission denied error patch
capture-permission-denied-error-energy_uj.patch: Already included
upstream
* Fix zoneinfo parsing prometheus/procfs#386
* Fix nvme collector log noise #2091
* Fix rapl collector log noise #2092
- Update to 1.2.0
+ Changes:
* Rename filesystem collector flags to match other collectors #2012
* Make node_exporter print usage to STDOUT #203
+ Features:
* Add conntrack statistics metrics #1155
* Add ethtool stats collector #1832
* Add flag to ignore network speed if it is unknown #1989
* Add tapestats collector for Linux #2044
* Add nvme collector #2062
+ Enhancements:
* Add ErrorLog plumbing to promhttp #1887
* Add more Infiniband counters #2019
* netclass: retrieve interface names and filter before parsing #2033
* Add time zone offset metric #2060
* Handle errors from disabled PSI subsystem #1983
* Fix panic when using backwards compatible flags #2000
* Fix wrong value for OpenBSD memory buffer cache #2015
* Only initiate collectors once #2048
* Handle small backwards jumps in CPU idle #2067
- Apply patch to capture permission denied error for "energy_uj" file
(bsc#1190535)
golang-github-prometheus-prometheus:
- Build firewalld-prometheus-config only for SUSE Linux Enterprise 15,
15.1 and 15.2, and require firewalld for it
- Firewalld-prometheus-config needs to be a Recommends, not a Requires, as
prometheus does not require it to run
- Create firewalld-prometheus-config subpackage (bsc#1197042)
- CVE-2022-21698: Update vendor tarball with prometheus/client_golang
1.12.1 (bsc#1196338)
golang-github-prometheus-promu:
- Update to version 0.13.0:
* Release 0.13.0 (jsc#SLE-24138, jsc#SLE-24139)
* Add deprecation note to pkg directory
* Add windows/arm64
* Update common Prometheus files
* Fix typo
* Release 0.12.0
* Simplify CGO crossbuilds
* Update common Prometheus files
* Release 0.11.1
* Fix build with "linux" platform
- Update to 0.5.0
+ Features:
* Add support for aix/ppc64. #151
* Fallback to git describe output if no VERSION. #130
+ Enhancements:
* cmd/release: add --timeout option. #142
* cmd/release: create release in GitHub if none exists. #148
+ Bug Fixes:
* cmd/tarball: restore --prefix flag. #133
* cmd/release: don't leak credentials in case of error. #136
mgr-cfg:
- Version 4.3.6-1
* Fix the condition for preventing building python 2 subpackage for
SLE15 (bsc#1197579)
mgr-osad:
- Version 4.3.6-1
* Fix the condition for preventing building python 2 subpackage for SLE15
mgr-push:
- Version 4.3.4-1
* Fix the condition for preventing building python 2 subpackage for SLE15
mgr-virtualization:
- Version 4.3.5-1
* Fix the condition for preventing building python 2 subpackage for SLE15
rhnlib:
- Version 4.3.4-1
* Fix the condition for preventing building python 2 subpackage for SLE15
salt:
- Fix multiple security issues (bsc#1197417)
* CVE-2020-22935: Sign authentication replies to prevent MiTM.
* CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
* CVE-2022-22936: Prevent job and fileserver replays
* CVE-2022-22941: Fixed targeting bug, especially visible when using
syndic and user auth.
spacecmd:
- Version 4.3.10-1
* parse boolean parameters correctly (bsc#1197689)
* Add parameter to set containerized proxy SSH port
spacewalk-client-tools:
- Version 4.3.9-1
* Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-koan:
- Version 4.3.5-1
* Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-oscap:
- Version 4.3.5-1
* Fix the condition for preventing building python 2 subpackage for SLE15
suseRegisterInfo:
- Version 4.3.3-1
* Fix the condition for preventing building python 2 subpackage for SLE15
uyuni-common-libs:
- Version 4.3.4-1
* implement more decompression algorithms for reposync (bsc#1196704)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation methods
like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- SUSE Manager Tools 12-BETA:
zypper in -t patch SUSE-SLE-Manager-Tools-12-BETA-2022-1531=1
Package List:
- SUSE Manager Tools 12-BETA (aarch64 ppc64le s390x x86_64):
golang-github-prometheus-alertmanager-0.23.0-4.9.1
golang-github-prometheus-node_exporter-1.3.0-4.12.1
golang-github-prometheus-prometheus-2.32.1-4.30.1
golang-github-prometheus-promu-0.13.0-4.9.1
python2-salt-3000-53.11.1
python2-uyuni-common-libs-4.3.4-3.30.1
python3-salt-3000-53.11.1
salt-3000-53.11.1
salt-doc-3000-53.11.1
salt-minion-3000-53.11.1
- SUSE Manager Tools 12-BETA (noarch):
mgr-cfg-4.3.6-4.27.1
mgr-cfg-actions-4.3.6-4.27.1
mgr-cfg-client-4.3.6-4.27.1
mgr-cfg-management-4.3.6-4.27.1
mgr-osad-4.3.6-4.27.1
mgr-push-4.3.4-4.18.1
mgr-virtualization-host-4.3.5-4.18.1
python2-mgr-cfg-4.3.6-4.27.1
python2-mgr-cfg-actions-4.3.6-4.27.1
python2-mgr-cfg-client-4.3.6-4.27.1
python2-mgr-cfg-management-4.3.6-4.27.1
python2-mgr-osa-common-4.3.6-4.27.1
python2-mgr-osad-4.3.6-4.27.1
python2-mgr-push-4.3.4-4.18.1
python2-mgr-virtualization-common-4.3.5-4.18.1
python2-mgr-virtualization-host-4.3.5-4.18.1
python2-rhnlib-4.3.4-24.27.1
python2-spacewalk-check-4.3.9-55.45.1
python2-spacewalk-client-setup-4.3.9-55.45.1
python2-spacewalk-client-tools-4.3.9-55.45.1
python2-spacewalk-koan-4.3.5-27.18.1
python2-spacewalk-oscap-4.3.5-22.18.1
python2-suseRegisterInfo-4.3.3-28.21.1
spacecmd-4.3.10-41.39.1
spacewalk-check-4.3.9-55.45.1
spacewalk-client-setup-4.3.9-55.45.1
spacewalk-client-tools-4.3.9-55.45.1
spacewalk-koan-4.3.5-27.18.1
spacewalk-oscap-4.3.5-22.18.1
suseRegisterInfo-4.3.3-28.21.1
References:
https://www.suse.com/security/cve/CVE-2020-22935.html
https://www.suse.com/security/cve/CVE-2022-21698.html
https://www.suse.com/security/cve/CVE-2022-22934.html
https://www.suse.com/security/cve/CVE-2022-22936.html
https://www.suse.com/security/cve/CVE-2022-22941.html
https://bugzilla.suse.com/1181400
https://bugzilla.suse.com/1190535
https://bugzilla.suse.com/1196338
https://bugzilla.suse.com/1196704
https://bugzilla.suse.com/1197042
https://bugzilla.suse.com/1197417
https://bugzilla.suse.com/1197579
https://bugzilla.suse.com/1197689