SUSE-SU-2023:0811-1
Vulnerability Summary
Description
Security update for SUSE Manager Client Tools

This update fixes the following issues:

grafana:
- CVE-2022-46146: Fix basic authentication bypass by updating the exporter toolkit to version 0.7.3 (bsc#1208065)
- CVE-2022-41723: Require Go 1.19 or newer (bsc#1208293)
- Update to version 8.5.20:
  * CVE-2022-23552: Security: SVG: Add dompurify preprocessor step (bsc#1207749)
  * CVE-2022-39324: Security: Snapshots: Fix originalUrl spoof security issue (bsc#1207750)
  * Security: Omit error from http response
  * Bug fix: Email and username trimming and invitation validation

spacecmd:
- Version 4.3.19-1
  * Fix spacecmd not showing any output for softwarechannel_diff and softwarechannel_errata_diff (bsc#1207352)
  * Prevent string api parameters to be parsed as dates if not in ISO-8601 format (bsc#1205759)

spacewalk-client-tools:
- Version 4.3.15-1
  * Update translation strings
Affected Systems
- suse grafana (SUSE Manager Client Tools 12): versions < 8.5.20-1.42.1
- suse spacecmd (SUSE Manager Client Tools 12): versions < 4.3.19-38.118.1
- suse spacewalk-client-tools (SUSE Manager Client Tools 12): versions < 4.3.15-52.86.1
References (11)
- https://www.suse.com/support/update/announcement/2023/suse-su-20230811-1/
- https://bugzilla.suse.com/1205759
- https://bugzilla.suse.com/1207352
- https://bugzilla.suse.com/1207749
- https://bugzilla.suse.com/1207750
- https://bugzilla.suse.com/1208065
- https://bugzilla.suse.com/1208293
- https://www.suse.com/security/cve/CVE-2022-23552
- https://www.suse.com/security/cve/CVE-2022-39324
- https://www.suse.com/security/cve/CVE-2022-41723
- https://www.suse.com/security/cve/CVE-2022-46146