[SUSE-SU-2023:0352-1] Security update for SUSE Manager Client Tools

Severity Moderate

CVEs 6

Security update for SUSE Manager Client Tools

This update fixes the following issues:

grafana:

Update to version 8.5.15 (jsc#PED-2617):
- CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
- CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
Update to version 8.5.14:
- CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
- CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
- CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
- CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)

kiwi-desc-saltboot:

Update to version 0.1.1673279145.e7616bd
- Add failsafe stop file when salt-minion does not stop (bsc#1172110)

mgr-osad:

Version 4.3.7-1
- Updated logrotate configuration (bsc#1206470)

mgr-push:

Version 4.3.5-1
- Update translation strings

rhnlib:

Version 4.3.5-1
- Don't get stuck at the end of SSL transfers (bsc#1204032)

spacecmd:

Version 4.3.18-1
- Add python-dateutil dependency, required to process date values in spacecmd api calls
Version 4.3.17-1
- Remove python3-simplejson dependency
- Correctly understand 'ssm' keyword on scap scheduling
- Add vendor_advisory information to errata_details call (bsc#1205207)
- Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
- Changed schedule product migration to use the correct API method
- Change default port of 'Containerized Proxy configuration' 8022

spacewalk-client-tools:

Version 4.3.14-1
- Update translation strings

uyuni-common-libs:

Version 4.3.7-1
- unify user notification code on java side

ID

SUSE-SU-2023:0352-1

Severity

moderate

URL

https://www.suse.com/support/update/announcement/2023/suse-su-20230352-1/

Published

2023-02-10T14:12:06
(19 months ago)

Modified

2023-02-10T14:12:06
(19 months ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0352-1.json
Suse	URL for SUSE-SU-2023:0352-1	https://www.suse.com/support/update/announcement/2023/suse-su-20230352-1/
Suse	E-Mail link for SUSE-SU-2023:0352-1	https://lists.suse.com/pipermail/sle-security-updates/2023-February/013729.html
Bugzilla	SUSE Bug 1172110	https://bugzilla.suse.com/1172110
Bugzilla	SUSE Bug 1204032	https://bugzilla.suse.com/1204032
Bugzilla	SUSE Bug 1204126	https://bugzilla.suse.com/1204126
Bugzilla	SUSE Bug 1204302	https://bugzilla.suse.com/1204302
Bugzilla	SUSE Bug 1204303	https://bugzilla.suse.com/1204303
Bugzilla	SUSE Bug 1204304	https://bugzilla.suse.com/1204304
Bugzilla	SUSE Bug 1204305	https://bugzilla.suse.com/1204305
Bugzilla	SUSE Bug 1205207	https://bugzilla.suse.com/1205207
Bugzilla	SUSE Bug 1205225	https://bugzilla.suse.com/1205225
Bugzilla	SUSE Bug 1205227	https://bugzilla.suse.com/1205227
Bugzilla	SUSE Bug 1206470	https://bugzilla.suse.com/1206470
CVE	SUSE CVE CVE-2022-31123 page	https://www.suse.com/security/cve/CVE-2022-31123/
CVE	SUSE CVE CVE-2022-31130 page	https://www.suse.com/security/cve/CVE-2022-31130/
CVE	SUSE CVE CVE-2022-39201 page	https://www.suse.com/security/cve/CVE-2022-39201/
CVE	SUSE CVE CVE-2022-39229 page	https://www.suse.com/security/cve/CVE-2022-39229/
CVE	SUSE CVE CVE-2022-39306 page	https://www.suse.com/security/cve/CVE-2022-39306/
CVE	SUSE CVE CVE-2022-39307 page	https://www.suse.com/security/cve/CVE-2022-39307/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date