[SUSE-SU-2022:0310-1] Security Beta update for SUSE Manager Client Tools
Severity
Moderate
CVEs
2
Security Beta update for SUSE Manager Client Tools
This update fixes the following issues:
grafana:
- Update to version 7.5.12:
- Fix markdown path traversal (#42969, bsc#1193688, CVE-2021-43813)
- Recreate tarballs using the makefile to update the npm and go modules required
- Update to version 7.5.11:
- Fix Snapshot authentication bypass (bsc#1191454, CVE-2021-39226)
- Fix certs issue (#40002)
- Release v7.5.11 (#124)
- Fix static path matching issue in macaron
- OAuth: add docs for disableAutoLogin param (#38752) (#38894)
- Fix #747; remove 'other variables'. (#37866) (#37878)
- Update alert docs (#33658) (#33659)
- [7.5.x] Docs: added documentation for the 'prepare time series'-transformation. (#36836)
- cherry picked dc5778c303ca555b70e8ca8c28e95997e26ecfc1 (#36813)
- 'Release: Updated versions in package to 7.5.10' (#36792)
- [v7.5.x] Transformations: add 'prepare time series' transformer (#36749)
- Remove verify-drone from windows (#36775)
- Update queries.md (#31941) (#36764)
- Updated content to specify method to use to get keyboard shortcuts; (#36084) (#36087)
- ReleaseNotes: Updated changelog and release notes for 7.5.9 (#36057) (#36077)
- 'Release: Updated versions in package to 7.5.9' (#36056)
- Login: Fixes Unauthorized message showing when on login page or snapshot page (#35311) (#35880)
- ReleaseNotes: Updated changelog and release notes for 7.5.8 (#35703) (#35822)
- CI: Upgrade pipeline tool to use main (#35804)
- CI: try to force v7.5.x instead of master (#35799)
- CI: supports move from master to main in 7.5.x release branch (#35747)
- 'Release: Updated versions in package to 7.5.8' (#35701)
- Chore: Bump acorn and lodash-es (#35650)
- Snapshots: Remove dashboard links from snapshots (#35567) (#35585)
- [v7.5.x] Datasource: Allow configuring
MaxConnsPerHost
(#35519) - Remove docs sync from v7.5.x (#35443)
- 'Release: Updated versions in package to 7.5.7' (#35412)
- Add max_idle_connections_per_host to config (#35365)
- Update go.sum to fix failing enterprise pipeline (#35353)
- [v7.5.x] HTTP Client: Introduce
go-conntrack
(#35321) - Fix Markdown syntax in enterprise/license/_index.md (#34683) (#35210)
- Update annotations.md (#33218) (#35138)
- Docs: Add query caching to enterprise docs page (#34751) (#35025)
- [7.5.x] Admin: hide per role counts for licensed users (#34994)
- cleanup shortcodes, image paths (#34827)
- Security: Upgrade Thrift dependency (#34698) (#34702)
- Docs: Fix Quick Start link on Geting Started Influx page (#34549) (#34603)
- Add link to release notes v7.5.7 (#34460) (#34474)
- Update 7.5.x landing page (#34447)
- ReleaseNotes: Updated changelog and release notes for 7.5.7 (#34383) (#34428)
- Update to 7.5.10
- [v7.5.x] Transformations: add 'prepare time series' transformer. [#36749]
- Update to 7.5.9
- Login: Fix Unauthorized message that is displayed on sign-in or snapshot page. [#35880]
kiwi-desc-saltboot:
- Update to version 0.1.1639488226.7c9eab9
- Enable one-time autosign grains for SLE12 and SLE11 clients
mgr-cfg:
- Version 4.3.3-1
- Fix python selinux package name depending on build target (bsc#1193600)
- Do not build python 2 package for SLE15SP4 and higher
mgr-custom-info:
- Version 4.3.3-1
- require python macros for building
mgr-osad:
- Version 4.3.3-1
- require python macros for building
- Do not build python 2 package for SLE15SP4 and higher
mgr-push:
- Version 4.3.2-1
- Do not build python 2 package for SLE15SP4 and higher
mgr-virtualization:
- Version 4.3.2-1
- require python macros for building
- Do not build python 2 package for SLE15SP4 and higher
python-hwdata:
- Require python macros for building
rhnlib:
- Version 4.3.2-1
- do not build python 2 package for SLE15
salt:
- Fix tmpfiles.d configuration for salt to not use legacy paths (bsc#1173103)
- Fix the regression of docker_container state module (bsc#1191285)
spacecmd:
- Version 4.3.5-1
- require python macros for building
spacewalk-client-tools:
- Version 4.3.5-1
- require python macros for building
- do not build python 2 package for SLE15
spacewalk-koan:
- Version 4.3.2-1
- Do not build python 2 package for SLE15SP4 and higher
spacewalk-oscap:
- Version 4.3.2-1
- require python macros for building
- Do not build python 2 package for SLE15SP4 and higher
spacewalk-remote-utils:
- Version 4.3.2-1
- require python macros for building
suseRegisterInfo:
- Version 4.3.2-1
- require python macros for building
- Do not build python 2 package for SLE15 and higher
uyuni-common-libs:
- Version 4.3.2-1
- Read modularity data from DISTTAG tag as fallback (bsc#1192487)
- Add decompression of zck files to fileutils
- require python macros for building
zypp-plugin-spacewalk:
- 1.0.11
- require python macros for building
- ID
- SUSE-SU-2022:0310-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20220310-1/
- Published
-
2022-02-02T11:09:18
(2 years ago) - Modified
-
2022-02-02T11:09:18
(2 years ago) - Rights
- Copyright 2023 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2021-43813
- ALSA-2021:3771
- ALSA-2022:1781
- ASA-202112-11
- CISA-2022:0825
- ELSA-2021-3771
- ELSA-2022-1781
- FEDORA-2021-01588ab0bf
- FEDORA-2021-dd83dc8b0b
- FEDORA-2022-6e6b59a682
- FEDORA-2022-c6ae206be7
- FREEBSD:757EE63B-269A-11EC-A616-6C3BE5272ACD
- FREEBSD:A994FF7D-5B3F-11EC-8398-6C3BE5272ACD
- openSUSE-SU-2022:0140-1
- RHSA-2021:3771
- RHSA-2022:1781
- RLSA-2021:3771
- RLSA-2022:1781
- SUSE-SU-2022:0138-1
- SUSE-SU-2022:0139-1
- SUSE-SU-2022:0311-1
- SUSE-SU-2022:0751-1
- SUSE-SU-2022:1396-1
- SUSE-SU-2022:1729-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:3338-1
- SUSE-SU-2022:3339-1
- SUSE-SU-2022:3425-1
- SUSE-SU-2022:4428-1
- SUSE-SU-2022:4437-1
- SUSE-SU-2022:4439-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | URL for SUSE-SU-2022:0310-1 | https://www.suse.com/support/update/announcement/2022/suse-su-20220310-1/ | |
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_0310-1.json | |
Suse | E-Mail link for SUSE-SU-2022:0310-1 | https://lists.suse.com/pipermail/sle-security-updates/2022-February/010174.html | |
Bugzilla | SUSE Bug 1173103 | https://bugzilla.suse.com/1173103 | |
Bugzilla | SUSE Bug 1191285 | https://bugzilla.suse.com/1191285 | |
Bugzilla | SUSE Bug 1191454 | https://bugzilla.suse.com/1191454 | |
Bugzilla | SUSE Bug 1192487 | https://bugzilla.suse.com/1192487 | |
Bugzilla | SUSE Bug 1193600 | https://bugzilla.suse.com/1193600 | |
Bugzilla | SUSE Bug 1193688 | https://bugzilla.suse.com/1193688 | |
CVE | SUSE CVE CVE-2021-39226 page | https://www.suse.com/security/cve/CVE-2021-39226/ | |
CVE | SUSE CVE CVE-2021-43813 page | https://www.suse.com/security/cve/CVE-2021-43813/ |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |