[SUSE-SU-2022:1545-1] Security Beta update for SUSE Manager Client Tools
Severity
Important
CVEs
5
Security Beta update for SUSE Manager Client Tools
This update fixes the following issues:
golang-github-prometheus-alertmanager:
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter
- Update vendor tarball with prometheus/client_golang 1.11.1 (bsc#1196338, jsc#SLE-24077)
- Update to version 0.23.0:
- amtool: Detect version drift and warn users (#2672)
- Add ability to skip TLS verification for amtool (#2663)
- Fix empty isEqual in amtool. (#2668)
- Fix main tests (#2670)
- cli: add new template render command (#2538)
- OpsGenie: refer to alert instead of incident (#2609)
- Docs: target_match and source_match are DEPRECATED (#2665)
- Fix test not waiting for cluster member to be ready
- Added hardening to systemd service(s) (bsc#1181400).
golang-github-prometheus-prometheus:
- Build firewalld-prometheus-config only for SUSE Linux Enterprise 15, 15.1 and 15.2, and require firewalld for it
- Firewalld-prometheus-config needs to be a Recommends, not a Requires, as prometheus does not require it to run
- Create firewalld-prometheus-config subpackage (bsc#1197042)
- CVE-2022-21698: Denial of service using InstrumentHandlerCounter.
- Update vendor tarball with prometheus/client_golang 1.12.1 (bsc#1196338)
mgr-cfg:
- Version 4.3.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15 (bsc#1197579)
mgr-osad:
- Version 4.3.6-1
- Fix the condition for preventing building python 2 subpackage for SLE15
mgr-push:
- Version 4.3.4-1
- Fix the condition for preventing building python 2 subpackage for SLE15
mgr-virtualization:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
rhnlib:
- Version 4.3.4-1
- Fix the condition for preventing building python 2 subpackage for SLE15
salt:
- Prevent data pollution between actions proceesed at the same time (bsc#1197637)
- Fix regression preventing bootstrapping new clients caused by redundant dependency on psutil (bsc#1197533)
- Fixes for Python 3.10
- Fix salt-ssh opts poisoning (bsc#1197637)
- Fix multiple security issues for salt (bsc#1197417):
- CVE-2022-22935: Sign authentication replies to prevent MiTM.
- CVE-2022-22934: Sign pillar data to prevent MiTM attacks.
- CVE-2022-22936: Prevent job and fileserver replays.
- CVE-2022-22941: Fixed targeting bug, especially visible when using syndic and user auth.
spacecmd:
- Version 4.3.10-1
- parse boolean parameters correctly (bsc#1197689)
- Add parameter to set containerized proxy SSH port
spacewalk-client-tools:
- Version 4.3.9-1
- Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-koan:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
spacewalk-oscap:
- Version 4.3.5-1
- Fix the condition for preventing building python 2 subpackage for SLE15
suseRegisterInfo:
- Version 4.3.3-1
- Fix the condition for preventing building python 2 subpackage for SLE15
uyuni-common-libs:
- Version 4.3.4-1
- implement more decompression algorithms for reposync (bsc#1196704)
uyuni-proxy-systemd-services:
- Version 4.3.2-1
- Harmonize systemd services names and container names
- Adapted to work on Enterprise Linux.
- Add package to SLE and Client tools (jsc#SLE-24145)
- Harmonize systemd services names and container names
- ID
- SUSE-SU-2022:1545-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2022/suse-su-20221545-1/
- Published
-
2022-05-05T10:11:10
(2 years ago) - Modified
-
2022-05-05T10:11:10
(2 years ago) - Rights
- Copyright 2023 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2022-21698
- ALPINE:CVE-2022-22934
- ALPINE:CVE-2022-22935
- ALPINE:CVE-2022-22936
- ALPINE:CVE-2022-22941
- ALSA-2022:1762
- ALSA-2022:7519
- ALSA-2022:7529
- ALSA-2022:8057
- ELSA-2022-1762
- ELSA-2022-7519
- ELSA-2022-7529
- ELSA-2022-8057
- FEDORA-2022-13ad572b5a
- FEDORA-2022-2067702f06
- FEDORA-2022-3969b64d4b
- FEDORA-2022-396c568c5e
- FEDORA-2022-5038c3236c
- FEDORA-2022-5e637f6cc6
- FEDORA-2022-5f253807ce
- FEDORA-2022-6043a7b938
- FEDORA-2022-6c4cb64314
- FEDORA-2022-739c7a0058
- FEDORA-2022-741325e9a0
- FEDORA-2022-83405f9d5b
- FEDORA-2022-92ef43c439
- FEDORA-2022-9dd03cab55
- FEDORA-2022-a7d438b30b
- FEDORA-2022-c5383675d9
- FEDORA-2022-c87047f163
- FEDORA-2022-e244ad73d6
- FEDORA-2022-eda0e65b01
- FEDORA-2022-fae3ecee19
- GLSA-202310-22
- GO-2022-0322
- MS:CVE-2022-21698
- openSUSE-SU-2022:1059-1
- PYSEC-2022-171
- PYSEC-2022-172
- PYSEC-2022-173
- PYSEC-2022-174
- RHSA-2022:1762
- RHSA-2022:7519
- RHSA-2022:7529
- RHSA-2022:8057
- RLSA-2022:1762
- RLSA-2022:7519
- RLSA-2022:7529
- RLSA-2022:8057
- SUSE-SU-2022:1049-1
- SUSE-SU-2022:1050-1
- SUSE-SU-2022:1051-1
- SUSE-SU-2022:1057-1
- SUSE-SU-2022:1058-1
- SUSE-SU-2022:1059-1
- SUSE-SU-2022:1060-1
- SUSE-SU-2022:1433-1
- SUSE-SU-2022:1434-1
- SUSE-SU-2022:1435-1
- SUSE-SU-2022:1514-1
- SUSE-SU-2022:1531-1
- SUSE-SU-2022:1536-1
- SUSE-SU-2022:2134-1
- SUSE-SU-2022:2137-1
- SUSE-SU-2022:2139-1
- SUSE-SU-2022:2140-1
- SUSE-SU-2022:2145-1
- SUSE-SU-2022:2834-1
- SUSE-SU-2022:2839-1
- SUSE-SU-2022:2839-2
- SUSE-SU-2022:3745-1
- SUSE-SU-2022:3747-1
- SUSE-SU-2024:0191-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |