[SUSE-SU-2023:0353-1] Security update for SUSE Manager Client Tools
Severity
Moderate
Affected Packages
2
CVEs
6
Security update for SUSE Manager Client Tools
This update fixes the following issues:
dracut-saltboot:
- Update to version 0.1.1673279145.e7616bd
- Add failsafe stop file when salt-minion does not stop (bsc#1172110)
- Copy existing wicked config instead of generating new (bsc#1205599)
grafana:
- Update to version 8.5.15 (jsc#PED-2617):
- CVE-2022-39306: Fix for privilege escalation (bsc#1205225)
- CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227)
- Update to version 8.5.14:
- CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303)
- CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305)
- CVE-2022-31123: Fix plugin signature bypass (bsc#1204302)
- CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304)
mgr-osad:
- Version 4.3.7-1
- Updated logrotate configuration (bsc#1206470)
mgr-push:
- Version 4.3.5-1
- Update translation strings
rhnlib:
- Version 4.3.5-1
- Don't get stuck at the end of SSL transfers (bsc#1204032)
spacecmd:
- Version 4.3.18-1
- Add python-dateutil dependency, required to process date values in spacecmd api calls
- Version 4.3.17-1
- Remove python3-simplejson dependency
- Correctly understand 'ssm' keyword on scap scheduling
- Add vendor_advisory information to errata_details call (bsc#1205207)
- Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126)
- Changed schedule product migration to use the correct API method
- Change default port of 'Containerized Proxy configuration' 8022
spacewalk-client-tools:
- Version 4.3.14-1
- Update translation strings
uyuni-common-libs:
- Version 4.3.7-1
- unify user notification code on java side
Package | Affected Version |
---|---|
pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.4 | < 4.3.18-150000.3.92.1 |
pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.4 | < 0.1.1673279145.e7616bd-150000.1.44.1 |
- ID
- SUSE-SU-2023:0353-1
- Severity
- moderate
- URL
- https://www.suse.com/support/update/announcement/2023/suse-su-20230353-1/
- Published
-
2023-02-10T14:12:55
(19 months ago) - Modified
-
2023-02-10T14:12:55
(19 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALSA-2023:2167
- ALSA-2023:2784
- ALSA-2023:6420
- ELSA-2023-2167
- ELSA-2023-2784
- ELSA-2023-6420
- FREEBSD:0A80F159-629B-11ED-9CA2-6C3BE5272ACD
- FREEBSD:4E60D660-6298-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6877E164-6296-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6EB6A442-629A-11ED-9CA2-6C3BE5272ACD
- FREEBSD:6F6C9420-6297-11ED-9CA2-6C3BE5272ACD
- FREEBSD:909A80BA-6294-11ED-9CA2-6C3BE5272ACD
- GO-2024-2843
- GO-2024-2844
- GO-2024-2848
- GO-2024-2851
- GO-2024-2855
- GO-2024-2858
- RHSA-2023:2167
- RHSA-2023:2784
- RHSA-2023:6420
- SUSE-SU-2023:0352-1
- SUSE-SU-2023:0362-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/spacecmd?arch=noarch&distro=opensuse-leap-15.4 | suse | spacecmd | < 4.3.18-150000.3.92.1 | opensuse-leap-15.4 | noarch | |
Affected | pkg:rpm/suse/dracut-saltboot?arch=noarch&distro=opensuse-leap-15.4 | suse | dracut-saltboot | < 0.1.1673279145.e7616bd-150000.1.44.1 | opensuse-leap-15.4 | noarch |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |