<div class="container">
<h1>Security update for supportutils</h1>
<table class="table table-striped table-bordered">
<tbody>
<tr>
<th>Announcement ID:</th>
<td>SUSE-SU-2023:3822-2</td>
</tr>
<tr>
<th>Rating:</th>
<td>moderate</td>
</tr>
<tr>
<th>References:</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181477">bsc#1181477</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1196933">bsc#1196933</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204942">bsc#1204942</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205533">bsc#1205533</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206402">bsc#1206402</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206608">bsc#1206608</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207543">bsc#1207543</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207598">bsc#1207598</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208928">bsc#1208928</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209979">bsc#1209979</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210015">bsc#1210015</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210950">bsc#1210950</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211598">bsc#1211598</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211599">bsc#1211599</a>
</li>
<li style="display: inline;">
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213127">bsc#1213127</a>
</li>
<li style="display: inline;">
<a href="https://jira.suse.com/browse/PED-1703">jsc#PED-1703</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>
Cross-References:
</th>
<td>
<ul>
<li style="display: inline;">
<a href="https://www.suse.com/security/cve/CVE-2022-45154.html">CVE-2022-45154</a>
</li>
</ul>
</td>
</tr>
<tr>
<th>CVSS scores:</th>
<td>
<ul class="list-group">
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-45154</span>
<span class="cvss-source">
(
SUSE
):
</span>
<span class="cvss-score">4.3</span>
<span class="cvss-vector">CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N</span>
</li>
<li class="list-group-item">
<span class="cvss-reference">CVE-2022-45154</span>
<span class="cvss-source">
(
NVD
):
</span>
<span class="cvss-score">4.4</span>
<span class="cvss-vector">CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L</span>
</li>
</ul>
</td>
</tr>
<tr>
<th>Affected Products:</th>
<td>
<ul class="list-group">
<li class="list-group-item">SUSE Linux Enterprise Micro 5.5</li>
</ul>
</td>
</tr>
</tbody>
</table>
<p>An update that solves one vulnerability, contains one feature and has 14 security fixes can now be installed.</p>
<h2>Description:</h2>
<p>This update for supportutils fixes the following issues:</p>
<p>Security fixes:</p>
<ul>
<li>CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).</li>
</ul>
<p>Other Fixes:</p>
<ul>
<li>Changes in version 3.1.26</li>
<li>powerpc plugin to collect the slots and active memory (bsc#1210950)</li>
<li>A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154</li>
<li>supportconfig: collect BPF information (pr#154)</li>
<li>
<p>Added additional iscsi information (pr#155)</p>
</li>
<li>
<p>Added run time detection (bsc#1213127)</p>
</li>
<li>
<p>Changes for supportutils version 3.1.25</p>
</li>
<li>Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)</li>
<li>powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)</li>
<li>powerpc: collect invscout logs (pr#150)</li>
<li>powerpc: collect RMC status logs (pr#151)</li>
<li>Added missing nvme nbft commands (bsc#1211599)</li>
<li>Fixed invalid nvme commands (bsc#1211598)</li>
<li>Added missing podman information (PED-1703, bsc#1181477)</li>
<li>Removed dependency on sysfstools</li>
<li>Check for systool use (bsc#1210015)</li>
<li>Added selinux checking (bsc#1209979)</li>
<li>
<p>Updated SLES_VER matrix</p>
</li>
<li>
<p>Fixed missing status detail for apparmor (bsc#1196933)</p>
</li>
<li>Corrected invalid argument list in docker.txt (bsc#1206608)</li>
<li>Applies limit equally to sar data and text files (bsc#1207543)</li>
<li>Collects hwinfo hardware logs (bsc#1208928)</li>
<li>
<p>Collects lparnumascore logs (issue#148)</p>
</li>
<li>
<p>Add dependency to <code>numactl</code> on ppc64le and <code>s390x</code>, this enforces
that <code>numactl --hardware</code> data is provided in supportconfigs</p>
</li>
<li>
<p>Changes to supportconfig.rc version 3.1.11-35</p>
</li>
<li>
<p>Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)</p>
</li>
<li>
<p>Changes to supportconfig version 3.1.11-46.4</p>
</li>
<li>
<p>Added plymouth_info </p>
</li>
<li>
<p>Changes to getappcore version 1.53.02</p>
</li>
<li>The location of chkbin was updated earlier. This documents that
change (bsc#1205533, bsc#1204942)</li>
</ul>
<h2>Patch Instructions:</h2>
<p>
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".<br/>
Alternatively you can run the command listed for your product:
</p>
<ul class="list-group">
<li class="list-group-item">
SUSE Linux Enterprise Micro 5.5
<br/>
<code>zypper in -t patch SUSE-SLE-Micro-5.5-2023-3822=1</code>
</li>
</ul>
<h2>Package List:</h2>
<ul>
<li>
SUSE Linux Enterprise Micro 5.5 (noarch)
<ul>
<li>supportutils-3.1.26-150300.7.35.21.1</li>
</ul>
</li>
</ul>
<h2>References:</h2>
<ul>
<li>
<a href="https://www.suse.com/security/cve/CVE-2022-45154.html">https://www.suse.com/security/cve/CVE-2022-45154.html</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1181477">https://bugzilla.suse.com/show_bug.cgi?id=1181477</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1196933">https://bugzilla.suse.com/show_bug.cgi?id=1196933</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1204942">https://bugzilla.suse.com/show_bug.cgi?id=1204942</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1205533">https://bugzilla.suse.com/show_bug.cgi?id=1205533</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206402">https://bugzilla.suse.com/show_bug.cgi?id=1206402</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1206608">https://bugzilla.suse.com/show_bug.cgi?id=1206608</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207543">https://bugzilla.suse.com/show_bug.cgi?id=1207543</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1207598">https://bugzilla.suse.com/show_bug.cgi?id=1207598</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1208928">https://bugzilla.suse.com/show_bug.cgi?id=1208928</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1209979">https://bugzilla.suse.com/show_bug.cgi?id=1209979</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210015">https://bugzilla.suse.com/show_bug.cgi?id=1210015</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1210950">https://bugzilla.suse.com/show_bug.cgi?id=1210950</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211598">https://bugzilla.suse.com/show_bug.cgi?id=1211598</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1211599">https://bugzilla.suse.com/show_bug.cgi?id=1211599</a>
</li>
<li>
<a href="https://bugzilla.suse.com/show_bug.cgi?id=1213127">https://bugzilla.suse.com/show_bug.cgi?id=1213127</a>
</li>
<li>
<a href="https://jira.suse.com/browse/PED-1703">https://jira.suse.com/browse/PED-1703</a>
</li>
</ul>
</div>