SUSE-SU-2023:0352-1
Vulnerability Summary
Timeline
Description
Security update for SUSE Manager Client Tools This update fixes the following issues: grafana: - Update to version 8.5.15 (jsc#PED-2617): * CVE-2022-39306: Fix for privilege escalation (bsc#1205225) * CVE-2022-39307: Omit error from http response when user does not exists (bsc#1205227) - Update to version 8.5.14: * CVE-2022-39201: Fix do not forward login cookie in outgoing requests (bsc#1204303) * CVE-2022-31130: Make proxy endpoints not leak sensitive HTTP headers (bsc#1204305) * CVE-2022-31123: Fix plugin signature bypass (bsc#1204302) * CVE-2022-39229: Fix blocknig other users from signing in (bsc#1204304) kiwi-desc-saltboot: - Update to version 0.1.1673279145.e7616bd * Add failsafe stop file when salt-minion does not stop (bsc#1172110) mgr-osad: - Version 4.3.7-1 * Updated logrotate configuration (bsc#1206470) mgr-push: - Version 4.3.5-1 * Update translation strings rhnlib: - Version 4.3.5-1 * Don't get stuck at the end of SSL transfers (bsc#1204032) spacecmd: - Version 4.3.18-1 * Add python-dateutil dependency, required to process date values in spacecmd api calls - Version 4.3.17-1 * Remove python3-simplejson dependency * Correctly understand 'ssm' keyword on scap scheduling * Add vendor_advisory information to errata_details call (bsc#1205207) * Added two missing options to schedule product migration: allow-vendor-change and remove-products-without-successor (bsc#1204126) * Changed schedule product migration to use the correct API method * Change default port of 'Containerized Proxy configuration' 8022 spacewalk-client-tools: - Version 4.3.14-1 * Update translation strings uyuni-common-libs: - Version 4.3.7-1 * unify user notification code on java side
Affected Systems
- suse•grafana&distro=SUSE Manager Client Tools 12
< 8.5.15-1.39.1
- suse•kiwi-desc-saltboot&distro=SUSE Manager Client Tools 12
< 0.1.1673279145.e7616bd-1.32.1
- suse•mgr-osad&distro=SUSE Manager Client Tools 12
< 4.3.7-1.42.1
- suse•mgr-push&distro=SUSE Manager Client Tools 12
< 4.3.5-1.24.1
- suse•rhnlib&distro=SUSE Manager Client Tools 12
< 4.3.5-21.46.1
- suse•spacecmd&distro=SUSE Manager Client Tools 12
< 4.3.18-38.115.1
- suse•spacewalk-client-tools&distro=SUSE Manager Client Tools 12
< 4.3.14-52.83.1
- suse•uyuni-common-libs&distro=SUSE Manager Client Tools 12
< 4.3.7-1.30.1
References (18)
- https://www.suse.com/support/update/announcement/2023/suse-su-20230352-1/
- https://bugzilla.suse.com/1172110
- https://bugzilla.suse.com/1204032
- https://bugzilla.suse.com/1204126
- https://bugzilla.suse.com/1204302
- https://bugzilla.suse.com/1204303
- https://bugzilla.suse.com/1204304
- https://bugzilla.suse.com/1204305
- https://bugzilla.suse.com/1205207
- https://bugzilla.suse.com/1205225
- https://bugzilla.suse.com/1205227
- https://bugzilla.suse.com/1206470
- https://www.suse.com/security/cve/CVE-2022-31123
- https://www.suse.com/security/cve/CVE-2022-31130
- https://www.suse.com/security/cve/CVE-2022-39201
- https://www.suse.com/security/cve/CVE-2022-39229
- https://www.suse.com/security/cve/CVE-2022-39306
- https://www.suse.com/security/cve/CVE-2022-39307