[SUSE-SU-2022:3751-1] Security update for SUSE Manager Client Tools

Severity Moderate

Affected Packages 16

CVEs 2

Security update for SUSE Manager Client Tools

This update fixes the following issues:

dracut-saltboot:

Update to version 0.1.1661440542.6cbe0da
- Use standard susemanager.conf
- Move image services to dracut-saltboot package
- Use salt bundle

golang-github-lusitaniae-apache_exporter:

Update to upstream release 0.11.0 (jsc#SLE-24791)
- Add TLS support
- Switch to logger, please check --log.level and --log.format flags
Update to version 0.10.1
- Bugfix: Reset ProxyBalancer metrics on each scrape to remove stale data
Update to version 0.10.0
- Add Apache Proxy and other metrics
Update to version 0.8.0
- Change commandline flags
- Add metrics: Apache version, request duration total
Adapted to build on Enterprise Linux 8
Require building with Go 1.15
Add %license macro for LICENSE file

grafana:

Update to version 8.3.10
- Security:
- CVE-2022-31097: Cross Site Scripting vulnerability in the Unified Alerting (bsc#1201535)
- CVE-2022-31107: Fixes OAuth account takeover vulnerability (bsc#1201539)
Update to version 8.3.9
- Bug fixes:
- Geomap: Display legend
- Prometheus: Fix timestamp truncation
Update to version 8.3.7
- Bug fix:
- Provisioning: Ensure that the default value for orgID is set when provisioning datasources to be deleted.
Update to version 8.3.6
- Features and enhancements:
- Cloud Monitoring: Reduce request size when listing labels.
- Explore: Show scalar data result in a table instead of graph.
- Snapshots: Updates the default external snapshot server URL.
- Table: Makes footer not overlap table content.
- Tempo: Add request histogram to service graph datalink.
- Tempo: Add time range to tempo search query behind a feature flag.
- Tempo: Auto-clear results when changing query type.
- Tempo: Display start time in search results as relative time.
- CloudMonitoring: Fix resource labels in query editor.
- Cursor sync: Apply the settings without saving the dashboard.
- LibraryPanels: Fix for Error while cleaning library panels.
- Logs Panel: Fix timestamp parsing for string dates without timezone.
- Prometheus: Fix some of the alerting queries that use reduce/math operation.
- TablePanel: Fix ad-hoc variables not working on default datasources.
- Text Panel: Fix alignment of elements.
- Variables: Fix for constant variables in self referencing links.
Update to version 8.3.5 (jsc#SLE-23439, jsc#SLE-23422, jsc#SLE-24565)

mgr-daemon:

Version 4.3.6-1
- Update translation strings

spacecmd:

Version 4.3.15-1
- Process date values in spacecmd api calls (bsc#1198903)

spacewalk-client-tools:

Version 4.3.12-1
- Update translation strings

uyuni-common-libs:

Version 4.3.6-1
- Do not allow creating path if nonexistent user or group in fileutils.

Package	Affected Version
pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.4	< 4.3.15-150000.3.86.1
pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.3	< 4.3.15-150000.3.86.1
pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=x86_64&distro=sles-15	< 1.3.0-150000.3.18.1
pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=s390x&distro=sles-15	< 1.3.0-150000.3.18.1
pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=ppc64le&distro=sles-15	< 1.3.0-150000.3.18.1
pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=aarch64&distro=sles-15	< 1.3.0-150000.3.18.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=x86_64&distro=opensuse-leap-15.4	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=x86_64&distro=opensuse-leap-15.3	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=s390x&distro=opensuse-leap-15.4	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=s390x&distro=opensuse-leap-15.3	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=ppc64le&distro=opensuse-leap-15.4	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=ppc64le&distro=opensuse-leap-15.3	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=aarch64&distro=opensuse-leap-15.4	< 0.11.0-150000.1.12.1
pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=aarch64&distro=opensuse-leap-15.3	< 0.11.0-150000.1.12.1
pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.4	< 0.1.1661440542.6cbe0da-150000.1.38.1
pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.3	< 0.1.1661440542.6cbe0da-150000.1.38.1

ID

SUSE-SU-2022:3751-1

Severity

moderate

URL

https://www.suse.com/support/update/announcement/2022/suse-su-20223751-1/

Published

2022-10-26T08:48:09
(23 months ago)

Modified

2022-10-26T08:48:09
(23 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_3751-1.json
Suse	URL for SUSE-SU-2022:3751-1	https://www.suse.com/support/update/announcement/2022/suse-su-20223751-1/
Suse	E-Mail link for SUSE-SU-2022:3751-1	https://lists.suse.com/pipermail/sle-security-updates/2022-October/012706.html
Bugzilla	SUSE Bug 1198903	https://bugzilla.suse.com/1198903
Bugzilla	SUSE Bug 1201535	https://bugzilla.suse.com/1201535
Bugzilla	SUSE Bug 1201539	https://bugzilla.suse.com/1201539
CVE	SUSE CVE CVE-2022-31097 page	https://www.suse.com/security/cve/CVE-2022-31097/
CVE	SUSE CVE CVE-2022-31107 page	https://www.suse.com/security/cve/CVE-2022-31107/

Type	Package URL	Namespace	Name / Product	Version	Distribution / Platform	Arch
Affected	pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.4	suse	spacecmd	< 4.3.15-150000.3.86.1	opensuse-leap-15.4	noarch
Affected	pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.3	suse	spacecmd	< 4.3.15-150000.3.86.1	opensuse-leap-15.3	noarch
Affected	pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=x86_64&distro=sles-15	suse	golang-github-prometheus-node_exporter	< 1.3.0-150000.3.18.1	sles-15	x86_64
Affected	pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=s390x&distro=sles-15	suse	golang-github-prometheus-node_exporter	< 1.3.0-150000.3.18.1	sles-15	s390x
Affected	pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=ppc64le&distro=sles-15	suse	golang-github-prometheus-node_exporter	< 1.3.0-150000.3.18.1	sles-15	ppc64le
Affected	pkg:rpm/suse/golang-github-prometheus-node_exporter?arch=aarch64&distro=sles-15	suse	golang-github-prometheus-node_exporter	< 1.3.0-150000.3.18.1	sles-15	aarch64
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=x86_64&distro=opensuse-leap-15.4	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.4	x86_64
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=x86_64&distro=opensuse-leap-15.3	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.3	x86_64
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=s390x&distro=opensuse-leap-15.4	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.4	s390x
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=s390x&distro=opensuse-leap-15.3	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.3	s390x
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=ppc64le&distro=opensuse-leap-15.4	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.4	ppc64le
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=ppc64le&distro=opensuse-leap-15.3	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.3	ppc64le
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=aarch64&distro=opensuse-leap-15.4	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.4	aarch64
Affected	pkg:rpm/suse/golang-github-lusitaniae-apache_exporter?arch=aarch64&distro=opensuse-leap-15.3	suse	golang-github-lusitaniae-apache_exporter	< 0.11.0-150000.1.12.1	opensuse-leap-15.3	aarch64
Affected	pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.4	suse	dracut-saltboot	< 0.1.1661440542.6cbe0da-150000.1.38.1	opensuse-leap-15.4	noarch
Affected	pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.3	suse	dracut-saltboot	< 0.1.1661440542.6cbe0da-150000.1.38.1	opensuse-leap-15.3	noarch

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date